NEWSPAPER 


Scorecard  helps  Delta  Technology  weigh  IT  rif 


Sasser  demonstrates  the  need  for  speedy  patching.  PAGE  12 


Security  Threats  Raise 
Concerns  About  Bluetooth 


a  jr  HEALTH  CARE'S 

Major 
Illness 


Some  IT  managers  take  steps  to  limit  wireless 
use;  vendors  claim  risks  aren’t  widespread 


Diagnosis:  a  broken  supply 
chain.  Hospitals  wasted  more 
than  $11  billion  as  a  result  of  sup¬ 
ply  chain  inefficiencies  last  year. 
We  profile  two  hospitals  using 
IT  to  stop  the  bleeding.  Page  31 


BY  BOB  BREWIN 

Potential  security  risks 
posed  by  the  Bluetooth 
wireless  technology  are 
prompting  some  IT  man¬ 
agers  to  rein  in  use  of 
Bluetooth-equipped  mo¬ 
bile  phones  and  PCs  on 
their  networks. 

Bluetooth  vendors  are 
scheduled  to  hold  a  press 
briefing  today  at  which  they 
will  discuss  the  security  issues 
and  provide  guidance  on  how 
users  can  guard  their  devices 
against  hackers.  But  several  IT 
managers  last  week  said  they 
now  see  a  need  to  protect 
their  networks  from  Bluetooth 
attacks  by  taking  the  same 
steps  they  took  to  secure  their 
corporate  wireless  LANs. 

Wall  Street 
Pressed  on 
Disaster  Plans 

Regulators  require 
firms  to  set  strategies 
for  systems  resiliency 

BY  LUCAS  MEARIAN 

Brokerages  and  other  financial 
services  firms  are  facing  in¬ 
creased  pressure  from  the  fed¬ 
eral  government  and  regula¬ 
tors  within  the  industry  itself 
to  clearly  define  and  test  their 
IT  disaster  recovery  plans. 

Wall  Street  firms  are  also 
being  being  pushed  to  consid¬ 
er  moving  their  backup  data 
Wall  Street,  page  15 


IBH 


For  additional 
wireless 
technology 
coverage,  see 

PAGE  10 


For  example,  Michael  Cia- 
rochi,  a  network  security  man¬ 
ager  at  HomeBanc  Corp.  in  At¬ 
lanta,  said  he  discovered  last 
week  that  Bluetooth  ra¬ 
dios  were  included  in 
laptop  PCs  that  were  be¬ 
ing  configured  by  an  IT 
engineer  for  delivery  to 
the  mortgage  lender’s 
mobile  workers.  The 
radios,  which  operate  in  the 
same  2.4-GHz  band  as  802.11b 
WLANs,  were  turned  on  as  a 
factory  default  setting. 


Ciarochi  said  he  was  con¬ 
cerned  about  the  possibility  of 
opening  a  wireless  back  door 
into  data  stored  on  the  PCs 
and  had  the  Bluetooth  radios 
turned  off  before  the  systems 
went  into  use.  He  added  that 
he  expects  to  have  to  secure 
Bluetooth  by  “locking  it 
down”  on  devices,  the  same 
approach  he  took  with  Home- 
Banc’s  WLANs. 

Emmett  Hawkins,  chief 
technology  officer  at  Leapfrog 
Services  Inc.,  said  he’s  so  con¬ 
cerned  about  Bluetooth  secu¬ 
rity  risks  that  he  plans  to  use  a 
Bluetooth,  page  45 


50M  Electronic  Votes  Could 
Be  Insecure,  Say  Researchers 


Experts,  vendors  spar 
at  commission  hearing 


BY  DAN  VERTON 

WASHINGTON 


IT  security  researchers  said 
they  have  uncovered  signifi¬ 
cant  vulnerabilities  in  the 


electronic  voting  systems  that 
nearly  30%  of  all  registered 
voters  will  use  in  this  Novem¬ 
ber’s  presidential  election. 

In  testimony  before  the  U.S. 
Election  Assistance  Commis¬ 
sion  last  week,  security  re¬ 
searchers  said  that  without 

E-voting,  page  45 


Faster  than  the  speed  of  change. 

Be  nimble.  Be  quick.  HP  Integrity  Servers  are  capable  of  executing  one  million 
transactions  per  minute  and  built  to  run  multiple  operating  systems  simultaneously. 
Supported  by  Intel®  Itanium®  2  technology,  Integrity  is  the  most  powerful  line  of 
industry-standard  servers  available  today.  Providing  you  with  the  computing 
power  to  adapt,  evolve  and  change  faster  than  anyone,  anywhere,  at  any  time. 
www.hp.com/info/integrity 


Solutions  for  the 


adaptive  enterprise. 
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Companies  adopting  HP  integrity  servers,  powered  by  industry-leading  Intel*  Itanium*  2  processors,  are  seeing  remarkable 

gains  in  performance.  The  momentum  is  building.  One  after  another,  companies  are  choosing  HP  Integrity  servers.  Leading  software  and  technology  partners  such  as  BEA, 
Microsoft^  Oracle,  SAP  and  Siebel  Systems  have  embraced  the  platform  as  an  industry  standard.  And  with  the  ability  to  manage  a  mixed  environment  of  UNIX,  Microsoft®  Windows® 
Linux  and  OpenVMS,  HP  Integrity  servers  are  fast  becoming  the  ultimate  consolidation  tool.  Demand  maximum  performance,  reliability  and  cost-efficiency  now,  on  a  platform  that 
will  carry  you  forward  into  the  future.  Demand  performance  that's  real-world  proven,  and  get  it— with  HP  Integrity  server  solutions. 


Choosing  HP  Integrity  servers,  choosing  results. 


AIRBUS  UK: 

Running  HP-UXlli 
on  HP  Integrity  servers, 
20-30  wing  design 
simulations  that  used 
to  take  weeks  are 
now  done  overnight. 


COMPUSA: 

Going  with  64-bit 
architecture  using  HP 
Integrity  servers,  they 
cut  access  time  to 
inventory  data  by  up 
to  85%. 


FIAT  AUTO: 

Standardizing  on  64-bit 
infrastructure  using  HP 
Integrity  servers,  they're 
integrating  and  enhancing 
sales  and  service  as  well 
as  streamlining  the  buying 
process  while  lowering 
sales  cost. 


THE  KOEHLER  GROUP: 
Moving  to  an  environment 
composed  of  HP  Integrity 
servers,  they  gained 
a  50%  improvement  in 
mission-critical  performance. 


Intel.  Intel  Inside,  the  Intel  Inside  Logo  and  Itanium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  U.S.  and  other  countries.  Microsoft  and  Windows  are  either  registered  trademarks  or  trademarks  of  Microsoft 

Corporation.  ©2004  Hewlett-Packard  Development  Company,  L.P 
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Extended  Enforcement 

Also  in  the  Technology  section:  It  isn’t  good  enough  to 
install  security  tools  such  as  firewalls  and  antivirus 
software  on  end  users’  systems.  Companies  are  finding 
that  enforcement  of  security  policies  at  network  end¬ 
points  is  also  becoming  increasingly  crucial.  Page  21 
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6  Computer  Associates  plans  to 

focus  on  product  integration 
and  reassuring  customers 
about  its  corporate  health  at 
the  CA  World  user  conference. 

7  Outsourcing  of  printing  ser¬ 
vices  is  starting  to  appeal  to 
companies  as  another  way  to 
cut  costs. 


7  Hewlett-Packard  and  Sun 

launch  radio  frequency  identi¬ 
fication  test  centers. 

10  Cisco  adds  WLAN  manage¬ 
ment  support  to  its  Catalyst 
6500  switches. 


10  Offshore  outsourcers  could 
be  affected  by  a  privacy  bill 
proposed  by  Sen.  Hillary 
Rodham  Clinton. 


12  The  Sasser  worm’s  limited 
impact  on  corporate  comput¬ 
ing  demonstrates  the  need 
for  quick  patch  response, 
say  experts. 


12  Microsoft  outlines  its  latest 
plans  for  Longhorn  and  64-bit 
Windows  and  a  proposal  to 
help  users  connect  devices 
via  Web  services. 


26  Future  Watch:  Computational 
Origami.  This  new  field 
promises  to  solve  complex 
engineering  problems,  as  well 
as  to  help  find  cures  for  dis¬ 
eases  such  as  Alzheimer’s  and 
mad  cow,  say  researchers. 

28  Security  Manager’s  Journal: 
Security  Policy  a  Paper 
Tiger.  Despite  explicit  poli¬ 
cies  at  Mathias  Thurman’s 
company,  problems  with 
rogue  access  points  and 
incident-response  procedures 
haven’t  improved. 

MANAGEMENT 


31  Health  Care’s  Major  Illness. 

Relatively  few  hospitals  have 
seriously  tackled  supply  chain 
issues.  Here’s  a  look  at  the 
strategies  two  pioneering  hos¬ 
pitals  developed  to  free  them¬ 
selves  from  crippling  supply 
chain  costs  and  inefficiencies. 

34  Managing  IT  Risk  at  Delta.  A 

rigorous  but  simple  scorecard 
helps  Delta  Technology  bal¬ 
ance  the  risk  of  technology 
failure  against  the  costs  of 
upgrading. 


14  Thomas  Siebel  gives  up  the 
CEO  job  and  full  management 
responsibility  at  his  namesake 
company  to  IBM’s  sales  chief. 

14  SAP  counts  on  its  NetWeaver 
middleware  to  get  its  installed 
base  to  buy  new  products. 

15  Red  Hat  develops  a  desktop 
version  of  its  Linux  operating 
system  for  mainstream  corpo¬ 
rate  users. 


35  Q&A:  Tall  Tales.  Stephen  Den¬ 
ning,  former  head  of  knowl¬ 
edge  management  at  the 
World  Bank,  says  storytelling 
can  move  organizations  to  ac¬ 
tion  when  other  methods  fail. 

36  Career  Watch.  Partners 
Healthcare  Deputy  CIO  Mary 
Finlay  talks  about  the  Region¬ 
al  Leadership  Forum  and  soft 
skills.  Plus,  tips  for  conflict 
management. 


8  On  the  Mark:  Mark  Hall  finds 
a  product  to  control  data  qual¬ 
ity  costs,  as  well  as  a  vendor 
that  says  dedicated  network¬ 
ing  appliances  are  better  than 
multifunction  ones. 

16  Maryfran  Johnson  hears 
echoes  of  past  IT  crises  in  the 
rush  to  comply  with  regulato¬ 
ry  mandates  but  hopes  this 
challenge  is  handled  better. 

16  Pimm  Fox  cautions  that  if 
you’re  not  hobnobbing  with 
elected  officials  who  can  cut 
red  tape  to  help  your  IT  busi¬ 
ness,  you’re  missing  out. 

17  Dan  Gillmor  is  a  road  warrior 
who’s  prepared  for  almost  any 
contingency.  Here  is  what’s 
currently  in  his  gadget  bag. 

30  Nicholas  Petreley  says  the 
latest  version  of  the  GNOME 
graphical  desktop  environ¬ 
ment  fulfills  low  expectations. 

37  Bart  Perkins  looks  at  how  to 
manage  risk/reward  contracts 
to  maximize  the  rewards  and 
minimize  the  risks. 

46  Frankly  Speaking:  Frank 
Hayes  doesn’t  think  the  Sass¬ 
er  worm  and  its  ilk  are  trivial. 
They’re  signs  that  worm  writ¬ 
ers  are  prototyping  toward 
something  truly  destructive. 
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What  Can  You  Afford  to  Lose? 

DISASTER  RECOVERY:  Companies  should 
know  how  fast  they  can  get  their  businesses 
running  again  and  how  much  data  they  can  af¬ 
ford  to  lose.  Live  Vault  CEO  Bob  Cramer  offers 
key  metrics  you  can  use.  ©  QuickLink  45971 

Prevent  Insider  Theft 

SECURITY:  Heading  off  the  unauthorized 
transfer  of  a  company’s  key  digital  assets  re¬ 
quires  both  management  and  technology 
controls,  writes  Danny  Lieberman  of  Open 
Solutions  in  Israel.  ©  QuickLink  46542 
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A  Security  Key 
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as  a  set  of  technical  issues,  but  it  requires  at¬ 
tention  from  boards  of  directors,  write  FTC 
Commissioner  Orson  Swindle  and  Corporate 
Governance  Task  Force  Co-chairman  Bill 
Conner.  ©  QuickLink  46642 
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converged  voice  and  data  networks. 
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DEVELOPMENT:  If  humans  can  build  won¬ 
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Schmidt  Won’t  Run 
For  Congress  Seat 

Howard  Schmidt,  chief  security 
officer  at  eBay  Inc.,  announced 
Friday  that  he  won’t  seek  the  8th 
District  congressional  seat  being 
vacated  in  his  home  state  of 
Washington.  The  former  White 
House  cybersecurity  adviser  and 
onetime  chief  security  officer  at 
Microsoft  Corp.  said  he  plans  to 
work  more  closely  with  the  U.S. 
Department  of  Homeland  Security 
instead  of  running  for  office. 


Novell  Starts  Tests 
Of  Its  Mono  Tools 

Novell  Inc.  made  its  Mono  open- 
source  application  development 
software  available  for  beta  testing 
and  said  it  expects  to  ship  Version 
1.0  by  the  end  of  next  month. 
Mono  is  designed  to  be  an  alter¬ 
native  to  Microsoft’s  .Net  technol¬ 
ogy.  It  includes  a  runtime  envi¬ 
ronment  for  .Net  applications,  an 
integrated  development  environ¬ 
ment  and  a  compiler  for  Micro¬ 
soft’s  C#  language. 


Intel  Plans  Shift  to 
Dual-Core  Chips 

Intel  Corp.  said  that  it  plans  by 
the  end  of  next  year  to  shift  all  of 
its  processor  designs  to  dual-core 
chips,  affecting  everything  from 
notebook  PCs  to  multiprocessor 
servers.  As  part  of  the  move  to 
put  two-processor  cores  on  a  sin¬ 
gle  chip  across  the  board,  the 
company  has  dropped  single-core 
CPUs  code-named  Tejas  and  Jay- 
hawk  from  its  product  road  map. 


Short  Takes 

MICROSOFT  promoted  Ron 
Markezich,  previously  general 
manager  of  finance  and  adminis¬ 
tration  IT,  to  CIO.  He  reports  to 
former  CIO  Rick  Devenuti,  who 
now  is  corporate  vice  president  of 

worldwide  services _ ASCEN- 

TiAL  SOFTWARE  CORP.  in  West- 
boro,  Mass.,  this  week  plans  to 
announce  a  Version  7.5  upgrade 
of  its  data  integration  tools,  with 
shipments  due  next  month. 


to  Focus  on  User 
Product  Integration 


CA  World 
Concerns, 

Customers  seeking 
reassurance  after 
company  shakeup 

BY  MATT  HAMBLEN 

s  computer  Associ¬ 
ates  International 
Inc.  heads  into  its 
annual  CA  World 
user  conference  in  two  weeks, 
it  faces  serious  user  concerns 
about  the  soundness  of  the 
company  and  its  leadership. 

After  witnessing  the  compa¬ 
ny’s  acknowledgement  of  ac¬ 
counting  improprieties  and 
the  ouster  of  Sanjay  Kumar 
from  his  position  as  CEO, 
users  said  CA  officials  must 
now  reassure  them  that  the 
company  will  be  able  to  main¬ 
tain  its  newfound  focus  on 
customer  support. 

“I  want  to  know  if  CA  will 
continue  to  have  the  same 
customer-oriented  policy,” 
said  Mike  Stevenson,  enter¬ 
prise  administrator  for  Peel 
Regional  Police  in  Brampton, 
Ontario.  Recent  leadership 


changes  and  financial  disclo¬ 
sures  are  “more  important 
than  any  technology  CA  an¬ 
nounces,  because  they  mean 
the  organization  won’t  be  as 
focused  [on  customers]  as 
before.” 

Mark  Barrenechea,  CA’s  se¬ 
nior  vice  president  of  product 
development,  acknowledged 
last  week  that  CA  World  at¬ 
tendees  will  want  to  be  reas¬ 
sured  about  the  Islandia,  N.Y.- 
based  company’s  financial 
health.  “Certainly,  I  think  the 
top  issue  will  be  the  state  of 
the  company,  [which  is]  top  of 
mind  for  everyone  and  a  fair 
question,”  he  said. 

Tough  Issues 

Interim  CEO  Kenneth  Cron 
will  deliver  the  opening  key¬ 
note  at  the  conference  in  place 
of  Kumar.  Cron  “brings  a  lot 
of  maturity ...  a  lot  of  stability 
. . .  understands  the  macro 
aspects  of  the  marketplace 
and  is  providing  fantastic 
interim  leadership  for  us,” 
Barrenechea  said.  “[He  will] 


CA  World  2004 


Key  themes  will  include: 

*  Reassurances  of  the  sound¬ 
ness  of  the  company  and  its 
leadership. 

■  A  new  initiative  for  the  hori¬ 
zontal  integration  of  four 
major  product  groups. 

■  An  expanded  commitment  to 
open-source  programs. 

••••••••••••••••••••••a#*** 

■  An  on-demand  approach  and 
Sonar  automation  technology. 

be  speaking  very  directly  about 
the  company”  at  CA  World. 

And  Cron  will  have  some 
tough  issues  to  speak  about. 
CA  announced  last  week  that 
it  had  to  delay  its  financial  re¬ 
port  on  its  just-ended  fourth 
quarter  and  revise  its  revenue 
calculations  for  its  second  and 
third  quarters  [QuickLink 
46714].  That  development  fol¬ 
lowed  on  the  heels  of  former 
U.S.  Secretary  of  State  Mad¬ 
eleine  Albright’s  decision  to 


CA’s  Barrenechea  Explains  Offshore  Strategy 


Mark  Barrenechea,  CA's  senior 
vice  president  of  product  devel¬ 
opment,  spoke  with  Computer- 
world  last  week  about  an  off¬ 
shore  strategy  that  calls 
for  spending  a  growing 
percentage  of  CA’s  de¬ 
velopment  dollars  on 
programmers  in  China 
and  India.  Barrenechea 
stressed  that  this  is  be¬ 
ing  accomplished  with¬ 
out  sacrificing  U.S. 
developer  jobs.  Ex¬ 
cerpts  from  the  inter¬ 
view  follow: 

How  much  of  your  develop¬ 
ment  work  is  done  offshore? 

We’re  going  to  put  our  corporate 
dollars  in  emerging  markets.  It’s  a 
natural  thing  to  do.  We  have  a  big 
presence  in  Australia;  we  have  a 
growing  presence  in  Hyderabad, 


India;  a  growing  presence  in 
Hong  Kong  and  Beijing;  a  grow¬ 
ing  presence  in  Eastern  Europe. 

Are  those  developer  po¬ 
sitions  ones  that  are 
currently  in  the  U.S.  that 
are  being  moved  over¬ 
seas?  No.  We  are  expand¬ 
ing  our  R&D  efforts  by  sup¬ 
plementing  them  with  labor 
in  markets  that  are  growing 
and  emerging  for  us.  We 
have  not  replaced  jobs  in 
the  U.S.  with  overseas 
jobs.  As  we  get  more  efficient  in 
what  we  do,  we  do  free  up  dol¬ 
lars  that  we  can  reinvest. 

Will  developers  in  India  and 
China  constitute  a  growing 
percentage  of  your  software 
development  workforce? 

Yes. 


You  have  a  set  amount  of 
money  you  can  pay  for  devel¬ 
opers.  Is  it  accurate  to  say 
that  the  percentage  of  that 
money  going  to  foreign  devel¬ 
opers  is  rising?  Yes.  It's  the 
same  for  all  software  companies. 
It’s  true  for  CA,  it’s  true  for  the  in¬ 
dustry. 

What  does  that  curve  look 
like  -  that  increasing  curve  of 
money  being  shifted  to  over¬ 
seas  developers?  The  way  that 
I  think  it’s  most  appropriate  to 
have  the  dialogue  is  to  say  that 
I’m  going  to  put  our  investment 
into  the  markets  that  are  emerg¬ 
ing.  For  me,  it’s  not  cost  opti¬ 
mization,  although  there  is  a 
benefit  to  that.  It  is  investing  in 
markets  that  are  growing. 

Are  there  developers  at  CA 


cancel  her  appearance  as  a 
guest  speaker,  for  which  she 
cited  personal  reasons  [Quick- 
Link  46682]. 

Discussing  other  plans  for 
CA  World,  Barrenechea  said 
the  company  will  announce  an 
initiative  to  significantly  ex¬ 
pand  the  horizontal  integra¬ 
tion  of  management  functions 
across  its  four  main  product 
lines:  eTrust  security,  Bright- 
Stor  storage,  Unicenter  opera¬ 
tions  management  and  All- 
Fusion  application  life-cycle 
management. 

Kenneth  McCardle,  assis¬ 
tant  vice  president  of  informa¬ 
tion  systems  at  Farm  Bureau 
Casualty  Insurance  Co.  in 
Ridgeland,  Miss.,  said  the  inte¬ 
gration  work  is  sorely  needed. 
“Sometimes  CA  products 
don’t  integrate  well  together,” 
including  products  within  the 
Unicenter  line,  he  said. 

Chris  Poole,  president  of  the 
Florida  CA  Users  Group  and 
a  senior  analyst  at  Convergys 
Corp.  in  Jacksonville,  also  wel¬ 
comed  the  integration  initia¬ 
tive.  “I  need  [management 
software]  to  look  at  the  appli¬ 
cation  layer  and  not  the  hard¬ 
ware,”  he  said. 

CA  World  will  be  held  in  Las 
Vegas  on  May  23-27.  O  46761 


who  can  legitimately  com¬ 
plain  that  they’re  losing  their 
jobs  to  workers  in  China  and 
India?  I  think  most  developers  I 
talk  to  welcome  the  concept.  Be¬ 
cause  at  the  end  of  the  day,  they 
want  to  compete,  and  they  want 
to  win,  and  they  want  to  provide 
value  in  what  they  do.  And  if  we 
can  give  them  more  skilled  pro¬ 
grammers  to  get  it  done,  they’re 
happy  to  work  in  this  model. 

But  that  skirts  the  question. 

Are  there  or  are  there  not  U.S. 
developers  at  CA  who  are  los¬ 
ing  their  jobs  to  overseas  de¬ 
velopers?  My  answer  is  no.  That 
is  not  the  approach  we’re  taking. 

-  Don  Tennant 


MORE  ONLINE 


To  read  an  expanded  version  of  this 
interview,  visit  our  Web  site: 


O  QuickLink  46693 

www.computerworld.com 


www.computerworld.com 
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HP,  Sun  Launch  RFID  Test  Centers 


Each  offers  services  to  help  companies 
comply  with  product  tagging  mandates 


BY  CAROL  SLIWA 

The  RFID  bandwagon  contin¬ 
ues  to  pick  up  steam,  as  Hew¬ 
lett-Packard  Co.  and  Sun  Mi¬ 
crosystems  Inc.  launch  test 
centers  and  other  offerings  to 
assist  companies  facing  man¬ 
dates  from  retailers  such  as 
Wal-Mart  Stores  Inc.  to  adopt 
the  technology. 

Last  week,  Sun  opened  the 
doors  to  its  17,000-square-foot 
RFID  Test  Center  in  Carroll¬ 
ton,  Texas,  where  companies 
can  test  and  evaluate  equip¬ 
ment  in  an  environment  that 
simulates  the  warehouses 
where  they  will  deploy  radio 
frequency  identification  tags 
and  readers.  Sun  also  plans  to 
show  users  at  the  center  how 
to  get  long-term  business  ben¬ 
efits  by  integrating  RFID  data 
with  their  back-end  systems. 

Meanwhile,  HP  today  will 
announce  the  launch  of  its 
RFID  Center  of  Excellence  in 
Palo  Alto,  Calif.,  where  cus¬ 
tomers  can  learn  more  about 
the  vendor’s  RFID  vision, 
build  RFID  road  maps  and 
conduct  proofs  of  concept. 

“It’s  a  good  place  to  show 
people  what’s  possible,  how 
things  are  going  to  look, 
what’s  going  to  pan  out,”  said 
Salil  Pradham,  chief  technolo¬ 
gist  for  HP’s  RFID  program. 

HP  plans  to  share  lessons 
it  has  learned  as  a  participant 
in  the  pilot  that  Wal-Mart 
launched  last  month  with 
eight  product  manufacturers 
at  select  stores  and  one  re¬ 
gional  distribution  center  in 
the  Dallas/Fort  Worth  area, 
according  to  Pradham.  HP  is 
affixing  RFID  tags  to  pallets, 
cases  and  boxes  of  PCs,  print¬ 
ers,  scanners,  ink-jet  car¬ 
tridges  and  other  products 
it  ships  to  Wal-Mart. 

HP’s  services  unit  also  in¬ 
troduced  a  trio  of  new  offer¬ 
ings:  an  RFID  Discovery  Ser¬ 
vice  to  help  companies  that 
are  developing  their  own 
RFID  strategies;  an  RFID 
Readiness  Assessment  that 
calls  for  a  review  of  business 


processes,  applications  and  in¬ 
frastructures  to  produce  a  de¬ 
ployment  road  map;  and  an 
RFID  Adaptive  Starter  Kit  to 
help  companies  justify  their 
investments  through  proofs 
of  concept  conducted  at  their 
own  sites  or  at  the  HP  center. 

Building  a  Business  Case 

But  internal  experience  with 
RFID  had  little  to  do  with 
Conros  Corp.’s  selection  of  HP 
to  help  with  a  pilot  project  to 
ensure  that  its  tags  and  read¬ 
ers  work  accurately,  said  CEO 
Navin  Chandaria.  He  said  he 
wanted  to  work  with  a  compa¬ 
ny  that  cuts  through  bureau¬ 
cratic  red  tape,  gets  excited 
about  taking  risks  and  under¬ 
stands  both  technology  and 
business. 


North  York,  Ontario-based 
Conros,  a  supplier  of  artificial 
fire  logs  and  other  products 
to  Wal-Mart,  is  also  working 
with  HP  on  software  that  will 
help  the  company  make  use  of 
the  data  generated  by  RFID 
systems,  Chandaria  added. 

Although  many  industry  an¬ 
alysts  say  Wal-Mart’s  suppli¬ 
ers  are  having  a  tough  time 


building  an  internal  business 
case  for  RFID,  Chandaria  said 
he  has  no  doubt  that  his  com¬ 
pany’s  investment  in  RFID 
technology  will  be  worth  it. 

Victor  Garcia,  the  managing 
principal  for  HP’s  wireless  and 
mobility  program  in  Toronto, 
predicted  that  Conros  will  see 
a  return  on  its  investment 
within  a  year  or  two,  based  on 
increased  inventory  visibility 
and  improved  efficiencies. 

Sun  and  Paris-based  Cap- 


Printing  Services  Getting 
Outsourced  to  Cut  Costs 

Some  companies  find  equipment  too 
expensive  to  own,  hard  to  keep  track  of 


BY  PATRICK  THIBODEAU 

Ford  Motor  Co.  estimates  that 
its  maintenance  and  support 
costs  for  office  printing  are  in 
the  range  of  $40  million  to  $50 
million.  But  that’s  only  an  esti¬ 
mate.  While  Ford  knows  how 
many  PCs  it  has  — 172,000  — 
it  can’t  say  for  certain  how 
many  printers  are  installed. 

“The  reality  is,  we  don’t 
know  how  many  devices  we’ve 
got,”  said  Clive  Johnson,  Ford’s 
European  deskside  services 
manager.  But  based  on  its 
studies  and  pilots,  the  auto¬ 
maker  maintains  that  under 
its  recently  signed  agreement 
with  Hewlett-Packard  Co.,  it 
can  reduce  printing  costs  by 
20%  to  30%. 

Johnson  said  he’s  become  so 
aware  of  the  cost  of  printing 
that  when  he  sees  papers  in  a 
wastebasket,  “I  don’t  see  paper 
in  there,  I  see  dollars  in  there.” 


Ford  officials  last  week 
shared  details  of  a  printer  out¬ 
sourcing  agreement  it  signed 
with  HP,  which  follows  pilot 
projects  at  Ford  facilities  in 
London  and  Dear¬ 
born,  Mich.  Ford 
and  HP  officials  de¬ 
clined  to  disclose 
the  value  of  the 
contract,  however. 

Ford  is  one  of  the 
largest  and  most 
visible  companies 
to  outsource  its 
printing  services. 

But  analysts  say  there’s  accel¬ 
erating  interest  in  improving 
printer  management,  and  in 
many  cases,  companies  may 
choose  to  outsource. 

“The  problem  that  Ford  has 
is  very,  very  common,”  said 
Ken  Weilerstein,  an  analyst 
at  Gartner  Inc.  in  Stamford, 
Conn.  Most  companies  don’t 


FACTO  !D 


60% 

of  companies  will 
have  initiatives  under 
way  to  cut  printing 
costs  by  the  end  of 
2005,  according 
to  Gartner. 


know  how  much  they  are 
spending,  he  said,  adding, 
“They  don’t  really  know  how 
they  are  using  the  equipment, 
and  they  really  can’t  pinpoint 
the  benefit  from  what  they’ve 
got.” 

Gartner  estimates  that  by 
the  end  of  next  year,  60%  of 
companies  will  have  undertak¬ 
en  initiatives  to  cut  document 
printing  costs.  “It  is  very  much 
the  topic  of  interest,”  said 
Weilerstein. 

Ford  has  a  prolif¬ 
eration  of  printers 
that  came  into  the 


company  one  way 
or  another,”  said 
Johnson.  These 
printers  aren’t 
managed  and  are 
often  ink-jet  mod¬ 
els,  which  are 
cheap  to  buy  but 
expensive  to  run,  he  said. 

The  company  began  looking 
at  options  several  years  ago, 
examining  multifunction  de¬ 
vices  that  can  scan  and  fax  as 
well  as  print,  but  it  felt  that 
the  technology  wasn’t  mature. 
That  opinion  has  changed. 

HP  will  install  multifunc¬ 
tion  laser  printer  devices  that 


gemini  announced  last  week 
that  they  are  launching  a  joint¬ 
ly  developed  RFID  service  and 
product  offering  that  is  aimed 
at  optimizing  the  full  supply 
chain. 

Juan  Carlos  Soto,  director  of 
advanced  development  at  Sun, 
said  Capgemini  brings  RFID 
expertise,  and  his  company 
brings  the  systems  to  analyze, 
manage  and  process  the  data 
that  will  be  generated. 

But  Jeff  Woods,  an  analyst 
at  Gartner  Inc.,  said  that  if 
customers  merely  want  to 
comply  with  the  Wal-Mart 
mandate  by  taking  a  “slap  and 
ship”  approach,  such  partner¬ 
ships  and  expensive  offerings 
will  fall  apart.  “You  don’t  need 
$300-an-hour  consultants  to 
tell  you  how  to  label  prod¬ 
ucts,”  he  said. 

Woods  claimed  that  most 
suppliers  facing  compliance 
deadlines  from  Wal-Mart  have 
given  up  on  finding  an  inter¬ 
nal  business  case  at  this  point. 
©  46748 


can  be  networked,  giving  Ford 
the  ability  to  monitor  printer 
use  through  a  portal.  Ford  em¬ 
ployees  will  replace  paper  and 
toner,  but  HP  will  manage  the 
remaining  functions. 

Printer  outsourcers  are  paid 
in  a  variety  of  ways,  from  per 
page  to  fixed  rates.  But  key  to 
any  payment  method  is  having 
a  view  into  how  printers  are 
used,  users  said. 

Tim  Armstrong,  chief  finan¬ 
cial  officer  and  former  CIO  at 
Vinson  &  Elkins  LLP,  has  out¬ 
sourced  printing  operations 
for  the  past  three  years  to  Lex¬ 
mark  International  Inc.  in  Lex¬ 
ington,  Ky.  Attorneys  at  the 
Houston  law  firm  print  about 
30  million  pages  annually. 
Printing  costs  used  to  account 
for  about  5%  of  its  IT  spend¬ 
ing;  they’re  now  about  2.9%  to 
3.2%.  Armstrong  said  he  be¬ 
lieves  costs  will  decline  fur¬ 
ther  as  the  firm  installs  more 
shared  printers.  ©  46749 


MORE  ONLINE 

Multinational  firms  can  receive  integrated 
offerings  as  a  result  of  an  outsourcing  deal 
between  HP  and  BP  Group: 

OQuickLink  46756 

www.computei-world.com 
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SCO  Cuts  Jobs 
In  Bid  for  Profits 

The  SCO  Group  Inc.  said  it  has  laid 
off  an  unspecified  number  of 
workers  in  an  effort  to  make  its 
Unix  software  operations  prof¬ 
itable  by  the  end  of  its  third  quar¬ 
ter  in  July.  A  spokesman  said  the 
cuts  affected  less  than  10%  of  the 
Lindon,  Utah-based  vendor’s  275 
employees.  But  he  added  that  the 
move  involved  workers  in  all  de¬ 
partments,  including  engineering. 


Delta  Stays  Mum  on 
Cause  of  IT  Glitch 

Delta  Air  Lines  Inc.  declined  to 
comment  about  the  cause  of  a 
systems  glitch  that  forced  it  to 
cancel  about  40  flights  and  delay 
an  unspecified  number  of  depar¬ 
tures  on  May  1.  The  Atlanta-based 
airline  has  “resolved  the  situa¬ 
tion,”  said  a  spokeswoman.  But, 
she  added,  “as  a  matter  of  com¬ 
pany  policy,  we  will  not  provide 
additional  information  on  the  is¬ 
sue  to  ensure  the  protection  of 
our  IT  systems.” 


Gates  Pays  Fine 
Over  Stock  Buy 

The  U.S.  Department  of  Justice 
said  Bill  Gates,  Microsoft  Corp.’s 
chairman  and  chief  software  ar¬ 
chitect,  has  agreed  to  pay  an 
$800,000  civil  penalty  to  settle 
charges  that  he  violated  stock¬ 
buying  requirements  in  2002.  The 
case  involved  a  $50  million  stock 
purchase  that  Gates  made  in  ICOS 
Corp.,  a  pharmaceutical  maker  in 
Bothell,  Wash.,  through  his  per¬ 
sonal  investment  company. 


Short  Takes 

The  BRITISH  BROADCASTING 
CORP.  has  chosen  Accenture  Ltd., 
Computer  Sciences  Corp.  and 
Siemens  AG  as  the  finalists  for  an 
IT  services  deal  that  will  include 
the  sale  of  its  BBC  Technology 

Holdings  Ltd.  unit _ SAP  AG 

said  it  plans  to  increase  its  head 
count  of  software  developers  in 
India  to  1,500  by  year’s  end,  up 
from  about  1,000  now. 


[  ONTHEMARK 


HOT  TECHNOLOGY  TRENDS,  NEW  PRODUCT 
NEWS  AND  INDUSTRY  GOSSIP  BY  MARK  HALL 


Scrapping  and  Fixing 
Data  Can  Cost . . . 


. . .  companies  at  least  10%  of  their  yearly  revenue. 
And  if  your  data  quality  is  bad  enough,  that  figure 
can  reach  a  staggering  25%.  That’s  the  analysis  of 
Larry  English,  president  of  Information  Impact 
International  Inc.,  a  data  quality  consultancy  with 


headquarters  in  Brentwood, 
Tenn.  He  points  out  that  it’s 
not  cheap  to  hunt  down  and 
eliminate  or  fix  bogus  infor¬ 
mation.  But  indirect  costs  can 
be  far  greater  —  you  could 
lose  customers  if  you  jerk 
them  around  with  bad  infor¬ 
mation,  and  ambiguous  or  ab¬ 
sent  data  could  result  in 
missed  opportunities.  So, 
it’s  undoubtedly  a  Martha- 
Stewart-quality  good  thing 
that  Firstlogic  Inc.  in  La 
Crosse,  Wis.,  this  week  un¬ 
veils  its  beta  version  of  IQ8 
Integration  Studio.  The  new 
product  helps  you  work  with 
your  line-of-business  col¬ 
leagues  to  define  data  quality 
policies  that  can  be  applied 
across  all  applications 
throughout  the  company.  It 
uses  standards-based  Web 
services  to  link  to  other  pro¬ 
grams.  It  also  comes  with 
Data  Quality  Blueprints,  tem¬ 
plates  designed  for  special¬ 
ized  data-quality  needs  such 
as  those  of  consumer  market¬ 
ing  groups.  The  product  can 
be  run  in  batch  mode  or  be 
applied  to  real-time  trans¬ 


actions.  It  works  with  data  on 
Oracle,  SQL  Server  and 
MySQL  databases.  DB2  com¬ 
patibility  is  in  the  works.  The 
IQ8  Integration  Studio  will  be 
generally  available  June  30, 
with  prices  starting  at 
$100,000. 


Multifunction  network 
appliance  claims . . . 

...  irk  load-balanc¬ 
ing  vendor.  Bill 
Kish,  CEO  and 
CTO  of  Coyote 
Point  Systems 
Inc.  wants  to  re¬ 
spond  to  state¬ 
ments  made  here 
by  Craig  Stouffer, 
marketing  vice 
president  at  Red- 
line  Networks 
Inc.  [QuickLink 
45582].  “You  can  produce  an 
appliance  that  you  claim  can 
do  everything.  But  it  won’t  do 
anything  particularly  well,” 
Kish  fires  back.  He  says  he 
has  heard  such  claims  from 
other  companies,  too.  But  he 
argues  the  only  vendor  that 
could  conceivably  make  such 


BILL  KISH 

says  no 
network 
appliance 
can  claim 


everything. 


COYOTE  POINTS  EQUALIZER  450 


a  claim  is  his  neighbor 
Cisco  Systems  Inc. 

“And,  as  far  as  I  know, 
they’re  not,”  he  adds. 

Kish  suggests  that 
“dedicated  solutions”  are  far 
better  because  the  engineers 
don’t  stray  too  far  from  their 
area  of  expertise.  Still,  in  the 
coming  months  San  Jose- 
based  Coyote  Point  Systems 
will  add  data  compression  to 
its  line  of  Equalizer  traffic 
management  appliances  and 
shift  from  building  its  hard¬ 
ware  to  getting  it  directly 
from  Dell  Inc.  and  adding  the 
software.  Equalizer  appli¬ 
ances  start  at  $3,995. 

New  network  traffic 
management  vendor 
elbows . . . 

...  its  way  into  crowded  market. 

What  with  Cisco,  Coyote 
Point  Systems,  NetScaler  Inc., 
Redline  and  many  others  of¬ 
fering  an  array  of  traffic  man¬ 
agement  gear,  you’d  think  that 
would  be  enough.  Nope.  This 
week  comes  the  announce¬ 
ment  that  Crescendo  Americ¬ 
as  Inc.  in  Dublin,  Calif.,  will 
open  its  doors  for  business, 
selling  the  CN  5000-E  appli¬ 
ance  running  its  Maestro  net¬ 
work  traffic  management 
software.  President  Steve  Els¬ 
ton  says  that  with  1  Gigabit 
Ethernet  making  headway  in 
data  centers  and  10  Gigabit 
“just  around  the  corner,” 

Web,  application  and  data¬ 
base  servers  will  collapse  un¬ 
der  the  increased  load.  The 
appliance,  now  in  late  beta, 
will  ship  in  early  June  and  set 
you  back  about  $19,995. 

Sarbanes-Oxley 
smiles  on  BPM . . . 

. . .  vendors  that  offer  compliance 
templates.  Suppliers  of  busi¬ 
ness  process  man¬ 
agement  (BPM  — 
not  to  be  confused 
with  the  other  BPM, 
business  perfor¬ 
mance  management) 
tools  are  quickly 
churning  out  mod¬ 


ules  with  dashboard  viewers 
so  executives  can  check  at  a 
glance  whether  they  are  in 
compliance  or  in  danger- 
Will-Robinson  territory.  The 
willingness  of  jail-conscious 
CEOs  and  CFOs  to  sign  hefty 
checks  for  BPM  software 
helped  propel  15%  growth  for 
the  market  segment  last  year, 
according  to  Dataquest  Inc. 

Sebastian  Risse,  director  of 
product  development  at 
CommerceQuest  Inc.  in  Tam¬ 
pa,  Fla.,  says  last  year  was 
also  the  first  time  BPM 
ceased  to  be  “a  solution  look¬ 
ing  for  a  problem.”  Competi¬ 
tor  Daryn  Walters,  vice  presi¬ 
dent  of  worldwide  marketing 
at  HandySoft  Global  Corp.  in 
Vienna,  Va.,  adds  that  buying 
patterns  shifted  in  2003  from 
purely  an  IT  sell  to  one  that 
now  includes  the  business 
units,  which  seem  more  will¬ 
ing  to  invest  than  IT  did. 
Sensing  that  they  have  a 
chance  to  broaden  their  value 
inside  companies,  BPM  ven¬ 
dors  are  dipping  their  toes 
into  new  areas.  For  example, 
an  upcoming  release  of  Com- 
merceQuest’s  Traxion  BPM 
software  will  be  able  to  inte¬ 
grate  with  Microsoft  Project 
—  or  eliminate  it,  since  Trax¬ 
ion  will  have  a  complete  proj¬ 
ect  management  engine.  And 
HandySoft,  which  this  week 
unveils  its  BizFlow  9  upgrade, 
includes  a  new  simulation 
tool  that  lets  you  run  what-if 
scenarios  on  how  changes  to 
a  business  process  will  affect 
an  organization.  It  will  also 
come  with  a  risk  mitigation 
feature  that  warns  users 

when  a  given  proc¬ 
ess’s  conditions  get 
out  of  whack.  Look 
for  BPM  to  become 
the  blazing  buzzword 
(or  is  that  buzz- 
acronym?)  of  2004. 

©  46730 


BPM  revenue 
in  2003, 
according 
to  Dataquest. 


With  SAS®  software’s  new  Intelligence  Platform,  you  can... 


Drive  the  value  of  your  investment  in 
operational  software.  Once  and  for  all 


INTELLIGENT  STORAGE 

ETL  PROCESS 

DATA  QUALITY 

BUSINESS  INTELLIGENCE 

ANALYTIC  INTELLIGENCE 


SAS  introduces  a  software  breakthrough  for  sharing  mission-critical  intelligence,  in  just  the  right 
context,  with  everyone  from  executives  to  knowledge  workers.  And  for  increasing  the  value  of  your 
IT  investment  every  step  of  the  way -from  aggregating  and  ensuring  the  quality  of  data,  from  any 
source,  to  transforming  that  data  into  predictive  insight  using  the  world’s  best  analytics.  Can  one 
intelligence  platform  truly  fit  all  your  needs,  within  IT  and  across  your  enterprise?  Let  us  prove  it. 
Call  toll  free  1  866  791  3183  or  visit  our  Web  site. 

www.sas.com/itbreakthrough 
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Cisco  Adds  Support  for 
WLANs  to  Its  Switches 

New  module  will  let  Catalyst  6500s 
centrally  manage  wireless  networks 


BY  BOB  BREWIN 

ISCO  SYSTEMS  INC. 
last  week  announced 
plans  to  add  wireless 
LAN  management 
capabilities  to  its  Catalyst 
6500  switch  line,  a  move  that 
will  give  IT  managers  the  abil¬ 
ity  to  control  their  wired  and 
wireless  networks  from  a  sin¬ 
gle  device. 

Cisco  is  aiming  the  Wire¬ 
less  LAN  Services  Module 
(WLSM)  at  large  corporate, 


academic  and  health  care  net¬ 
works,  said  Bill  Rossi,  vice 
president  of  its  WLAN  divi¬ 
sion.  He  added  that  the  Cata¬ 
lyst  6500  add-on  supports  50- 
millisecond  handoffs  between 
wireless  access  points  when 
end  users  roam  across  WLAN 
subnetworks,  improving  Cis¬ 
co’s  ability  to  support  applica¬ 
tions  such  as  voice  over  IP. 

Network  managers  can  also 
use  WLSM-equipped  switches 
to  add  firewalls  plus  intrusion- 


detection  and  filtering  capa¬ 
bilities  to  WLANs,  Rossi  said. 
In  addition,  they  can  segment 
groups  of  mobile  users  and 
give  them  different  levels  of 
access  to  data. 

John  Hummel,  CIO  at  Sutter 
Health  in  Sacramento,  said 
he’s  testing  the  WLSM  and 
plans  to  use  the  device  to 
manage  Cisco-based  WLANs 
in  Sutter’s  25  hospitals  in  Cali¬ 
fornia.  He  also  intends  to  use 
the  module  to  manage  VoIP 
calls  when  Sutter  starts  testing 
hands-free  voice  devices  made 
by  Vocera  Communications 
Inc.  later  this  year. 


Sutter  is  engaged  in  a  mas¬ 
sive  project  to  upgrade  its  hos¬ 
pital  buildings  and  the  IT  net¬ 
works  in  them.  Many  of  the 
hospitals  are  insulated  with 
asbestos,  and  Hummel  said  in¬ 
stalling  WLANs  is  far  less  ex¬ 
pensive  than  the  cost  of  the 
asbestos  mitigation  work  that 
would  be  needed  to  build  new 
wired  networks. 

The  base  configuration  of 
the  WLSM  costs  $18,000  and 
can  manage  up  to  150  of  Cis¬ 
co’s  access  points.  For  another 
$8,000,  users  can  buy  a  license 
for  the  company’s  Inter¬ 
networking  Operating  System 
software  that  lets  them  control 
a  total  of  300  access  points. 
Rossi  estimated  that  the  total 
cost  of  adding  a  WLSM  mod¬ 
ule  to  a  Catalyst  6500  switch 
and  installing  wireless  access 
points  would  be  between  $500 


Cisco  Rivals  Ready  WLAN  Responses 


In  the  wake  of  Cisco’s  Wireless 
LAN  Services  Module  announce¬ 
ment,  Airespace  and  Symbol 
Technologies  will  both  announce 
plans  to  beef  up  their  WLAN 
product  lines  at  this  week’s  Net- 
world+lnterop  conference  in  Las 
Vegas. 

Airespace  will  introduce  its  In¬ 
telligent  RF  Access  Point,  which 
uses  so-called  smart  antenna 
technology  to  improve  WLAN 
performance.  Four  receive  and 
four  transmit  antennas  are 


mounted  on  the  access  point,  al¬ 
lowing  it  to  select  the  best  radio 
frequency  paths  to  and  from  mo¬ 
bile  users,  said  Jeff  Aaron,  senior 
marketing  manager  at  Airespace. 

The  multiple-antenna  setup 
also  helps  reduce  interference 
between  access  points  and  client 
devices  and  can  help  IT  man¬ 
agers  zero  in  on  rogue  access 
points  installed  on  a  network, 
Aaron  added.  The  new  access 
point  is  due  in  the  third  quarter 
and  will  be  priced  at  an  undis¬ 


closed  premium  over  Airespace’s 
standard  access  points,  which 
sell  for  about  $400. 

Airespace  also  plans  to  intro¬ 
duce  software  that  can  pinpoint 
the  locations  of  mobile  devices 
“within  a  few  meters”  using  radio 
frequency  fingerprinting  technol¬ 
ogy  developed  by  the  company, 
along  with  a  location  appliance 
that  can  track  thousands  of  wire¬ 
less  clients  simultaneously, 

Aaron  said. 

Holtsville,  N.Y.-based  Symbol 


Technologies  is  will  announce  its 
Mobility  Services  Suite,  a  set  of 
applications  that  IT  managers 
can  use  to  automatically  provi¬ 
sion,  configure  and  manage  mo¬ 
bile  devices  and  WLANs.  Lee 
Williams,  general  manager  of 
Symbol’s  mobility  division,  said 
the  software  will  be  available  in 
July  or  August. 

-BobBrewin 

MORE  N+l  NEWS 

For  additional  coverage  of  the 
conference  and  products  being 
announced  there,  visit  our  Web  site: 
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Proposed  Bill  Seeks  Stronger 
Privacy  Protection  Offshore 


Status  of  data  now 
offshore  unclear 


BY  JAIKUMAR  VIJAYAN 

Proposed  legislation  in  Con¬ 
gress  could  have  some  impor¬ 
tant  privacy  and  security  im¬ 
plications  for  companies  out¬ 
sourcing  work  to  offshore  des¬ 
tinations. 

The  bill  (S1232),  called  the 
Safeguarding  Americans  From 
Exporting  Identification  Data 


Act  (SAFE-ID),  was  intro¬ 
duced  by  Sen.  Hillary  Rodham 
Clinton  (D-N.Y.)  last  month. 

It  has  been  referred  to 
the  Senate  Committee  on 
Commerce,  Science  and 
Transportation. 

Calls  to  Sen.  Clinton’s  office 
seeking  comment  weren’t  re¬ 
turned,  so  it’s  unclear  whether 
a  hearing  on  the  bill  has  been 
scheduled  or  whether  a  com¬ 
panion  bill  has  been  intro¬ 
duced  in  the  House. 


“We  don’t  know  if  this  thing 
has  legs  or  not  yet,”  said  Peter 
Adler,  a  partner  at  Foley  & 
Lardner  LLP  in  Washington. 
“But  I  don’t  think  that  this  will 
be  the  last  we  are 
hearing  of  bills  such 
as  this.”  California 
alone  has  more  than 
a  half-dozen  pending 
bills  that  seek  to  im¬ 
pose  varied  privacy 
safeguards  on  out¬ 
sourced  personal  in¬ 
formation. 

Driving  interest  in 
such  legislation  are 
the  growing  privacy 
concerns  relating  to 


financial  and  health  care  in¬ 
formation  being  sent  offshore 
as  part  of  outsourcing  initia¬ 
tives,  including  medical  tran¬ 
scription  work,  he  said. 

SAFE-ID  proposes 
a  set  of  privacy- 
related  conditions 
that  need  to  be  met 
by  U.S.  companies 
transmitting  person¬ 
ally  identifiable  in¬ 
formation  to  a  for¬ 
eign  affiliate  or  sub¬ 
contractor.  Under 
the  proposed  act, 
companies  could 
transmit  such  infor¬ 
mation  to  any  coun- 


16%r 


In  SEN.  CLINTON  ‘s 

bill,  companies 
must  meet  a  set  of 
privacy-related 
conditions  to  trans¬ 
mit  data  abroad. 


and  $1,000  per  access  point. 

That  would  be  roughly  com¬ 
parable  to  what  competitors 
like  Airespace  Inc.  and  Symbol 
Technologies  Inc.  charge  for 
switch-based  systems  that  only 
manage  WLANs.  For  example, 
San  Jose-based  Airespace  sells 
its  access  points  for  $400  and 
switches  for  $12,000  to  $14,000. 
Jeff  Aaron,  senior  manager  of 
marketing  at  Airespace,  said 
that  he  found  “nothing  surpris¬ 
ing”  in  the  WLSM  announce¬ 
ment  and  claimed  that  Cisco 
was  following  his  company’s 
technology  lead. 

Aaron  acknowledged  that 
Cisco’s  addition  of  WLAN 
support  to  its  market-leading 
switches  could  put  competi¬ 
tive  pressure  on  other  ven¬ 
dors,  but  he  said  Airespace 
hopes  to  continue  taking  ad¬ 
vantage  of  its  reseller  deals 
with  Alcatel,  NEC  Corp.  and 
Nortel  Networks  Ltd. 

“Airespace  put  the  switch 
into  wireless,  and  Cisco  put 
wireless  into  the  switch,”  said 
Craig  Mathias,  an  analyst  at 
Farpoint  Group  in  Ashland, 
Mass.  He  added  that  he  thinks 
the  market  for  enterprise-class 
WLANs  is  starting  to  heat  up 
now  that  many  security  con¬ 
cerns  have  been  resolved. 

Cisco  has  been  a  proponent 
of  decentralized  WLANs,  but 
Rossi  said  the  addition  of  the 
WLSM  isn’t  a  wholesale 
change.  The  company  will 
continue  to  build  software 
that  manages  the  airwaves  and 
security  functions  into  its  ac¬ 
cess  points,  he  said.  ©  46746 


try  that  is  deemed  by  the  Fed¬ 
eral  Trade  Commission  to 
have  a  legal  system  that  pro¬ 
vides  for  “adequate  privacy 
protection.” 

But  the  law  as  proposed 
doesn’t  address  data  that  has 
already  been  transmitted  to 
and  stored  in  foreign  loca¬ 
tions,  said  Stephen  Wu,  CEO 
of  Infosec  Law  Group,  a  law 
firm  in  Mountain  View,  Calif. 
It’s  also  vague  about  what 
would  happen  in  situations 
when  data  might  be  retrans¬ 
mitted  by  subcontractors,  said 
Wu.  “There’s  going  to  be  a  lot 
of  interpretations  if  this  be¬ 
comes  law,”  he  said.  ©  46751 
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Visual  Studio 


Visual  Studio.NET  2003  can  cut  development  time 
by  two-thirds,  giving  you  more  time  to  think. 

Got  a  big  idea?  Visual  Studio®  .NET  2003  delivers  higher 
productivity,  helping  you  turn  that  big  idea  into  reality 
faster  than  you  ever  thought  possible.  Want  proof? 
Visual  Studio  .NET  enabled  Xerox  Global  Services  to 
bring  the  v2.0  release  of  its  CentreWare  Web  software 
to  market  in  one-third  the  time  compared  to  their 
previous  development  platform.  To  find  out  how  Visual 
Studio  .NET  2003  can  help  you  quickly  turn  your  big 
ideas  into  reality,  visit  msdn.microsoft.com/visual/think 


12 


COMPUTERWORLD  May  10, 2004 


NEWS 


www.computerworld.com 


Sasser  Outbreak  Demonstrates 
Need  for  Quick  Patch  Response 


Vulnerability  management  is  key  to 
defenses  as  attackers  improve  tactics 


vulnerable  for  an 
extended  period 
of  time.” 

A  large  majority 
of  those  infected 
last  week  were  be¬ 
lieved  to  be  home 
users.  But  several 
large  organiza¬ 
tions  were  hit  as 
well,  including 
American  Express 
Co.  in  New  York. 
An  Amex  spokes- 


The  big 
thing  was 
the  speed  with 
which  we  were 
able  to  deploy 
patches  to  our 
desktop. 

BILL  BLIX,  GLOBAL  INFRA¬ 
STRUCTURE  VULNERABILITY 
MANAGER.  TRW  AUTOMOTIVE 


Several  users 
said  companies 
would  have  been 
protected  if  they 
had  followed 
long-recommend¬ 
ed  security  mea¬ 
sures,  such  as 
knowing  where 
vulnerabilities 
exist,  prioritizing 
threats  and  re¬ 
sponses,  apply¬ 
ing  appropriate 


BY  JAIKUMAR  VIJAYAN 

ast  week’s  Sasser 
worm  outbreak,  which 
disrupted  operations 
at  some  businesses 
while  leaving  most  virtually 
untouched,  highlighted  the 
difference  a  good  vulnerability 
management  strategy  can 
make  to  a  company’s  defenses, 
users  and  analysts  said. 

The  W32/Sasser  worm  start¬ 
ed  spreading  on  April  30,  and 
by  the  middle  of  last  week,  it 
had  infected  hundreds  of  thou¬ 
sands  of  systems  globally. 

The  worm  took  advantage 
of  a  flaw  in  a  Windows  securi¬ 
ty  and  authentication  compo¬ 
nent  that  Microsoft  Corp.  dis¬ 
closed  on  April  13.  Microsoft 
released  a  patch  to  fix  the 
problem  on  the  same  day,  and 


SEATTLE 

At  its  annual  Windows  Hardware 
Engineering  Conference  (Win- 
HEC)  here  last  week,  Microsoft 
Corp.  outlined  its  latest  plans  for 
Longhorn  and  64-bit  Windows, 
as  well  as  a  proposal  designed 
to  help  users  connect  devices  via 
Web  services. 

Jim  Allchin,  Microsoft’s  group 
vice  president  of  platforms,  con¬ 
firmed  during  a  keynote  address 
that  Microsoft  has  “tied  together" 
development  efforts  for  the  client 
and  server  versions  of  Longhorn, 
the  code  name  for  the  next  major 
Windows  release.  Allchin  didn’t 
clarify  whether  aligning  develop¬ 
ment  of  the  Longhorn  client  and 
server  also  means  that  they  will 
be  released  simultaneously. 

But  in  March,  Bob  Muglia,  se¬ 
nior  vice  president  of  Microsoft’s 
Windows  Server  division,  told 
Computerworld,  “They  will  al- 


since  then,  the  company  and 
several  security  experts  have 
been  urging  users  to  install  the 
update  as  soon  as  possible. 

The  fact  that  the  worm 
managed  to  infiltrate  some 
corporate  networks  despite 
the  warnings  shows  that  there 
is  still  progress  to  be  made  in 
promptly  responding  to  such 
vulnerabilities,  said  Art  Man- 
ion,  a  member  of  the  CERT 
Coordination  Center  at  Carne¬ 
gie  Mellon  University. 

“Some  organizations  have 
streamlined  patching  and  poli¬ 
cy  management  to  roll  out  im¬ 
portant  updates  in  a  matter  of 
days,”  said  Ken  Dunham,  an 
analyst  at  Reston,  Va.-based 
iDefense  Inc.  “Others  are  so 
careful  and  test  so  many  fea¬ 
tures  that  they  end  up  being 


most  always  ship  at  different 
times  in  the  future.  Clients  need 
slightly  less  bake  time  than 
servers  do.” 

A  first  Longhorn  beta  is  still 
planned  for  early  next  year, 
Allchin  said.  Although  Microsoft 
has  pointed  to  2006  as  the  inter¬ 
nal  target  date  for  the  Longhorn 
client  release,  Allchin  didn’t  give 
a  target  date  for  the 
client  or  server  ver¬ 
sions  of  the  software. 

All  WinHEC  attendees 
received  a  developer 
preview  version  of 
Longhorn. 

Also  last  week, 

Microsoft  announced 
that  it  will  deliver  ver¬ 
sions  of  Windows  XP 
and  Windows  Server 
2003  for  64-Bit  Ex¬ 
tended  Systems  in  the 
fourth  quarter.  Previ- 


woman  said  that 
“some  employee  desktops” 
were  affected  by  the  worm. 
“But  we  never  had  any  issues 
with  our  networks  or  service,” 
she  added. 

“This  was  a  big  one.  But  I 
am  amazed  that  it  got  as  far  as 
it  did,”  said  Firas  Rouf,  chief 
operating  officer  at  eEye  Digi¬ 
tal  Security,  an  Aliso  Viejo, 
Calif.-based  provider  of  vul¬ 
nerability  assessment  services. 


ously,  the  company  had  said  only 
that  it  would  ship  the  software  in 
the  second  half  of  the  year. 

Microsoft  also  plans  to  release 
versions  of  Longhorn  for  Itanium 
and  64-bit  extended  systems 
as  well  as  a  32-bit  edition,  ac¬ 
cording  to  6reg  Sullivan,  a  lead 
product  manager  for  Windows. 

In  a  keynote  address,  Microsoft 
Chairman  and  Chief 
Software  Architect  Bill 
Gates  said  he  expects 
that  by  the  end  of 
2005,  nearly  all  of  the 
processors  shipped 
by  Advanced  Micro 
Devices  Inc.  and  the 
majority  of  the  proces¬ 
sors  Intel  Corp.  ships 
will  support  64-bit 
computing. 

Gates  predicted 
that  the  move  from 
32  to  64  bits  will  be 


patches,  keeping 
antivirus  software  up  to  date, 
blocking  unused  ports  and  in¬ 
stalling  firewalls  on  end-user 
desktops. 

TRW  Automotive  Holdings 
Corp.  in  Livonia,  Mich.,  es¬ 
caped  Sasser  thanks  largely  to 
new  patch  management  soft¬ 
ware  that  it  had  just  finished 
deploying  across  22,500  sys¬ 
tems  globally.  The  software 
from  Emeryville,  Calif.-based 


smoother  and  faster  than  previ¬ 
ous  transitions,  which  he  said 
were  sometimes  “messy.” 

Microsoft  executives  urged 
hardware  makers  to  build  drivers 
for  the  upcoming  64-bit  releases 
of  Windows,  lest  the  adoption  of 
64-bit  computing  be  held  back 
by  hardware  incompatibilities. 

“The  app  compatibility  is 
good,  the  OS  support  is  compre¬ 
hensive.  What's  the  one  thing 
we  need?  Sixty-four-bit  drivers,” 
Allchin  said. 

Also  at  WinHEC,  Microsoft, 
Intel,  Lexmark  International  Inc. 
and  Ricoh  Corp.  detailed  new 
Web  services  technology  that 
is  designed  to  make  it  easier 
for  users  to  connect  devices 
such  as  printers,  digital  cameras 
and  digital  music  players  over  a 
network. 

-  Joris  Evers, 
IDG  News  Service 


BigFix  Inc.  helped  TRW  iden¬ 
tify  vulnerable  systems  and 
deploy  patches  to  them  in  an 
automated  fashion. 

“The  big  thing  was  the 
speed  with  which  we  were 
able  to  deploy  patches  to  our 
desktops,”  said  Bill  Blix, 

TRW’s  global  infrastructure 
vulnerability  manager. 

Proactive  Approach 

Meanwhile,  software-  and 
hardware-based  firewalls  in¬ 
stalled  on  every  end-user  sys¬ 
tem  protected  St.  Louis-based 
Tripos  Inc.  against  Sasser. 

As  soon  as  the  drug  re¬ 
search  firm  heard  of  the  vul¬ 
nerability,  it  changed  the  set¬ 
tings  on  those  firewalls  to 
proactively  block  any  attacks, 
said  Jerry  Wintrode,  senior 
network  architect  at  Tripos. 

It  also  changed  the  settings 
on  a  policy  enforcement  serv¬ 
er  at  the  edge  of  its  networks 
so  that  it  would  automatically 
shut  out  any  remote  system 
that  might  have  somehow 
been  infected,  Wintrode  said. 
(See  “Extended  Enforcement,” 
page  21.) 

Attackers  are  getting  quick¬ 
er  and  more  efficient  at  taking 
advantage  of  new  flaws.  Last 
year’s  damaging  Blaster  worm 
—  which  Sasser  was  compared 
to  —  took  about  a  month  to  hit 
the  Internet  after  the  flaw  it 
exploited  was  first  announced. 
In  contrast,  Sasser  took  less 
than  three  weeks. 

Patches  and  work-arounds 
can  be  faulty  or  break  existing 
applications  and  need  to  be 
carefully  tested  before  they 
are  deployed.  Companies  also 
need  to  make  more  of  an  effort 
to  ensure  that  systems  belong¬ 
ing  to  mobile  and  home-based 
users  don’t  infect  otherwise 
clean  networks.  But  a  plethora 
of  tools  are  becoming  available 
today  that  are  making  the  task 
more  manageable,  Rouf  said. 

“It’s  not  easy,”  he  said.  “On 
the  other  hand,  it’s  not  as  hard 
as  it  used  to  be.”  ©  46753 

MORE  THIS  ISSUE 

Frank  Hayes  finds  a  method  to  worm 
writers'  madness.  Page  46 


More  Online:  Visit  our  Virus  and  Worm 
Center  for  additional  information: 

QuickLink  a1280 
www.computerworld.com 
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Microsoft  Outlines  Plans  for  Longhorn,  64-bit  Computing 


ALLCHIN  says 
Microsoft  develop¬ 
ment  efforts  for 
Longhorn  clients 
and  server  versions 
are  being  aligned. 


GETTING  NEW 
NETWORK  SECURITY 
PRIVILEGES  FOR  SCO 
USERS'?  THAT'LL  TAKE 
VAVS...WEEKS... 


O 

o 

o 

0  enterasys 

Networks  that  Know 


See  us  at  NetWorld+Interop  2004 
Booth  #2029 


These  days,  no  network  is  free  of  threats.  That’s  why  you  have  to  assign  network  security  privileges  to  everyone. 
Employees,  customers,  and  partners.  You  need  to  set  an  acceptable  use  policy  that  dictates  what  each  of  them  can 
and  can’t  access.  Until  now,  you  had  to  do  this  manually. 

Not  anymore.  Now  you  can  do  what  Baylor  University  did.  Implement  an  Enterasys  Secure  Networks™  solution  with 
a  unique,  policy-based  system  that  empowers  the  network  to  allocate  resources  based  on  specific  users  and  their 
roles.  The  network  “sees”  who  the  user  is  and  assigns  privileges  accordingly.  This  improved  control  also  gives  you 
more  security. 

It’s  all  about  giving  you  a  smarter  way  to  network  with  central,  intuitive  management.  Find  out  more  by  visiting 
enterasys. com/seconds.  Or  ask  any  one  of  the  many  enterprise  customers  we’ve  worked  with  for  years. 
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Siebel  Taps  IBM  Sales 
Chief  for  CEO  Post 


Founder  remains 
chairman,  gives  up 
management  role 

BY  MARC  L.  SONGINI 

HOMAS  SIEBEL  last 
week  passed  the 
CEO’s  mantle  at  the 
CRM  vendor  that 
bears  his  name  to  veteran  IBM 
executive  Michael  Lawrie  — 
a  move  that  comes  as  Siebel 
Systems  Inc.  is  trying  to  re¬ 
bound  from  two-plus  years 
of  declining  revenue. 

Siebel  will  remain  as  chair¬ 
man  and  continue  to  be  a  full¬ 


time  employee  of  the  compa¬ 
ny.  But  he  said  during  a  tele¬ 
conference  that  Lawrie,  who 
previously  was  head  of  world¬ 
wide  sales  operations  at  IBM, 
will  take  over  full  manage¬ 
ment  responsibility.  “Mike 
runs  the  company,”  Siebel  said. 
“The  executive  team  reports 
to  Mike.” 

Tim  Arnold,  IT  manager  at 
Bose  Corp.,  said  the  manage¬ 
ment  change  probably  won’t 
have  much  of  a  day-to-day 
impact  on  the  Framingham, 
Mass.,  maker  of  audio  systems. 
But  Lawrie’s  addition  may  help 
dislodge  Siebel  from  its  finan¬ 


cial  rut,  added  Arnold,  whose 
company  uses  the  vendor’s 
sales  force  automation  soft¬ 
ware  and  other  applications. 

“Hopefully,  some  new  blood 
will  make  a  difference,”  he 
said.  “Sometimes  you  just 
need  a  new  perspective.” 

However,  Lawrie  said  he 
doesn’t  plan  to  make  any  “sig¬ 
nificant  changes”  to  Siebel’s 
management  team  over  the 
next  12  months.  The  new  CEO 
added  that  he  intends  to  main¬ 
tain  the  company’s  current 
strategy  as  well. 

It’s  still  unclear  what  the 
transition’s  effect  on  users  will 


SAP  Seeks  to  Boost 
Use  of  Middleware  Suite 


BY  MARC  L.  SONGINI 

SAP  AG  plans  to  use  its  Sap¬ 
phire  ’04  conference  this  week 
to  try  to  sell  its  ERP  installed 
base  on  the  idea  of  investing 
in  newer  products,  particular¬ 
ly  the  company’s  NetWeaver 
middleware  technology. 

At  the  conference,  which 
starts  tomorrow  in  New  Or¬ 
leans,  SAP  will  unveil  new 
bundles  of  its  business  appli¬ 
cations  and  announce  a  deal 
with  a  large  maker  of  con¬ 
sumer  packaged  goods  to 
jointly  develop  a  CRM  offer¬ 
ing  for  users  in  that  market, 
said  SAP  America  Inc.  spokes¬ 
man  William  Wohl.  He  de¬ 
clined  to  disclose 
the  identity  of  the 
consumer  goods 
company  or  pro¬ 
vide  further  de¬ 
tails  about  the 
agreement. 

But  SAP’s  main 
goal  at  Sapphire 
will  be  to  demon¬ 
strate  to  users  that 
products  like  Net- 
Weaver  can  help 
them  cut  IT  oper¬ 


ating  costs,  Wohl  said.  Net- 
Weaver,  which  includes  an  in¬ 
tegration  broker  and  products 
such  as  SAP’s  data  warehous¬ 
ing  and  portal  software,  is  de¬ 
signed  to  help  users  seamless¬ 
ly  link  SAP’s  applications  with 
ones  from  other  vendors. 

Lori  Schock,  global  business 
process  manager  at  silicone 
products  maker  Dow  Corning 
Corp.  in  Midland,  Mich.,  said 
she  plans  to  attend  Sapphire  to 
learn  more  about  NetWeaver 
and  mySAP  ERP,  the  latest  ver¬ 
sion  of  SAP’s  flagship  R/3  soft¬ 
ware.  The  conference  “will  al¬ 
low  us  to  validate  our  architec¬ 
tural  strategic  intent,”  Schock 
said,  noting, that 
Dow  Corning  is 
running  pieces  of 
NetWeaver  in  pilot 
mode. 

The  NetWeaver 
technology  could 
make  it  easier  to 
link  R/3  to  SAP’s 
Business  One  ap¬ 
plications  for  small 
and  midsize  users 
and  to  software 
from  other  ven¬ 


dors,  Schock  said.  She  added 
that  she  also  wants  to  investi¬ 
gate  SAP’s  radio  frequency 
identification  technology  — 
“fact,  fiction  and  future.” 

In  March,  SAP  said  it  was 
building  support  for  RFID  tags 
into  an  upgrade  of  NetWeaver 
that  is  more  unified  than  earli¬ 
er  versions  were  [QuickLink 
45409].  And  last  month,  the 
company  announced  that 
users  will  be  able  to  incor¬ 
porate  RFID  data  into  a  re¬ 
lease  of  its  supply  chain  man¬ 
agement  applications  now  in 
beta  testing. 

Mike  Perroni,  vice  presi¬ 
dent  of  IT  at  Halliburton  Co. 
in  Houston,  said  he  has  partic¬ 
ular  interest  in  an  employee 
self-service  module  that  will 
be  included  in  the  next  ver¬ 
sion  of  SAP’s  Enterprise  Por¬ 
tal  software,  one  of  the  Net- 
Weaver  components. 

Because  SAP  has  put  so 
many  components  under  the 
NetWeaver  umbrella,  it’s  hard 
to  judge  how  widely  the  mid¬ 
dleware  technology  is  being 
adopted  by  users,  said  John 
Moore,  an  analyst  at  ARC  Ad¬ 
visory  Group  Inc.  in  Dedham, 
Mass.  And  it’s  an  open  ques¬ 
tion  whether  users  will  swal¬ 
low  NetWeaver  whole  or  just 
install  pieces  of  the  software, 
Moore  said.  ©  46726 


NEW  SOFTWARE 


SAP  plans  to  announce 
these  products  at  Sapphire: 

'  w  A  set  of  business 
applications  that  are 
tailored  for  public- 
sector  users 

A  CRM  bundle  for 
midsize  companies 
that  includes  software, 
services  and  best; 
practices  guidance 

'  .  £  i 


be,  said  Ken  Casey, 
vice  president  of 
corporate  services 
and  operations  at 
Alberta  Treasury 
Branches,  an  Ed¬ 
monton-based  bank 
that  runs  Siebel  ap¬ 
plications  in  its  call 
centers  and  branch 
offices. 

Casey  said  that 
he  respects  Lawrie 
and  that  the  bank 
has  had  a  “good  re¬ 
lationship  with  IBM 
over  the  years.”  As  part  of  the 
Siebel  installation,  the  bank 
uses  IBM’s  mainframe  and 
Unix  systems  and  Windows- 
based  Netfinity  servers,  plus 
its  MQSeries  messaging  soft¬ 
ware  and  DB2  database. 

Lawrie  has  a  lot  of  work  to 
do  to  restore  Siebel’s  reputa¬ 
tion  for  developing  products 
that  give  users  “great  value  and 
great  satisfaction,”  said  Rebec¬ 
ca  Wettemann,  an  analyst  at 
Nucleus  Research  Inc.  in 
Wellesley,  Mass.  “There  are 
Siebel  licenses  [at  customer 
sites]  that  are  not  being  used. 
They  must  identify  those  folks 
and  take  a  harder  look  at  cus¬ 
tomer  satisfaction.” 

Siebel’s  annual  revenue  has 
fallen  from  $2.04  billion  in 
2001  to  $1.35  billion  last  year. 
The  company  last  month  re¬ 
ported  first-quarter  revenue  of 
$329.3  million,  down  slightly 
from  the  year-earlier  level  — 


but  it  said  software 
license  sales  rose 
13%  year  over  year. 

Tom  Siebel,  51, 
last  week  said  he 
decided  a  year  ago 
to  split  the  roles  of 
CEO  and  chairman. 
Siebel  added  that 
as  chairman,  he 
will  “assist  in  any 
way  I  can,”  with  his 
duties  to  include 
providing  input  on 
corporate  strate¬ 
gies  and  working  to 
foster  relationships  with  users 
and  business  partners. 

Lawrie,  50,  had  worked  at 
IBM  for  the  past  26  years  and 
was  a  senior  vice  president 
there.  IBM  and  Siebel  did 
about  $1  billion  worth  of  joint 
business  last  year,  according 
to  Tom  Siebel.  In  addition, 
IBM  has  an  internal  installa¬ 
tion  of  about  60,000  Siebel 
end-user  licenses,  making  it 
one  of  the  CRM  vendor’s 
largest  users. 

Joshua  Greenbaum,  an  ana¬ 
lyst  at  Enterprise  Applications 
Consulting  in  Berkeley,  Calif., 
said  adding  Lawrie  may  not 
give  Siebel  a  long-term  boost. 
“Lawrie  says  he’s  playing  the 
same  game  with  the  same  set 
of  cards,”  Greenbaum  said. 
“And  with  Tom  watching  over 
his  shoulder,  I  doubt  we’ll  see 
that  new,  dramatic  shift  that 
Siebel  needs  to  recapture  its 
former  glory.”  ©  46697 


LAWRIE  will  have  full 
management  respon¬ 
sibility  at  Siebel. 


With  Lawrie  Leaving,  IBM  Shifts  Execs 


IBM  last  week  reshuffled  several 
of  its  top  executives  in  connec¬ 
tion  with  Michael  Lawrie’s  deci¬ 
sion  to  leave  his  sales  job  there 
and  take  over  the  CEO  position 
at  Siebel. 

Doug  Elix,  who  had  been  run¬ 
ning  the  company's  IT  services 
and  outsourcing  unit  since  Octo¬ 
ber  1999,  was  named  to  replace 
Lawrie  as  head  of  sales  and  dis¬ 
tribution  operations.  Taking  over 
for  Elix  at  IBM  Global  Services  is 
John  Joyce,  the  company’s  chief 
financial  officer  for  the  past  five 
years.  Mark  Loughridge,  who  had 
been  general  manager  of  global 
financing,  was  tapped  to  be  CFO. 


All  three  executives  are  senior 
vice  presidents  and  report  to 
Sam  Palmisano,  IBM’s  chairman 
and  CEO. 

In  an  internal  memo  outlining 
the  changes  to  IBM  employees, 
Palmisano  noted  Lawrie’s  depar¬ 
ture  but  described  the  series  of 
management  changes  as  busi¬ 
ness  as  usual  for  IBM. 

“The  intent  of  these  leadership 
changes  is  straightforward  -  to 
step  up  the  pace  of  our  market¬ 
place  execution  and  accelerate 
our  strategic  growth  plans,” 
Palmisano  wrote. 

-  Stacy  Cowley, 
IDG  News  Service 
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Red  Hat  Offers 
Desktop  Linux  for 
Corporate  Users 


BY  ROBERT  MCMILLAN 
AND  TODD  R.  WEISS 

Red  Hat  Inc.  last  week  an¬ 
nounced  a  desktop  version 
of  Linux  that  is  designed  for 
mainstream  corporate  users 
and  includes  open-source  doc¬ 
ument-processing  applications 
and  messaging  software. 

The  new  release,  called  Red 
Hat  Desktop,  is  a  companion 
product  to  the  vendor’s  cur¬ 
rent  client-level  offering.  But 
the  existing  product,  Red  Hat 
Enterprise  Linux  WS,  is  aimed 
at  technical  users  such  as  soft¬ 
ware  developers  and  comput¬ 
er-aided  design  engineers,  not 
office  workers. 

And  unlike  the  technical  re¬ 
lease,  which  is  sold  on  a  per- 
system  basis,  Red  Hat  Desktop 
will  be  available  in  packages  of 
10  or  50  units  when  it  begins 
shipping  this  month,  said  Mike 
Ferris,  Red  Hat’s  product  mar¬ 
keting  manager  for  Enterprise 
Linux. 

Lt.  Fred  Wissing,  applica¬ 
tion  development  services  su¬ 
pervisor  for  the  New  Jersey 
State  Police  in  West  Trenton, 
plans  to  take  a  close  look  at 
Red  Hat  Desktop  for  possible 
use  by  the  department’s  4,000 
end  users.  “We’re  going  to 
snarf  up  a  copy  and  install  it 
and  see  what  it  can  do,”  he 
said,  adding  that  the  evalua¬ 
tion  process  will  include  an 
examination  of  the  existing 
end-user  applications  to  see 
how  many  of  them  would  have 
to  be  modified  to  use  Linux. 

Wissing  said  the  depart¬ 
ment  already  uses  Linux  for  a 
variety  of  back-office  server 
functions,  but  only  one  power 


Correction 

IN  LAST  WEEK’S  On  the  Mark 
column,  pricing  for  the  NetScaler 
9000  from  NetScaler  Inc.  was 
incomplete.  The  $115,000  price 
is  for  a  5,000-user  license. 


user  is  currently  running 
desktop  Linux  as  part  of  a  tri¬ 
al.  Several  IT  staffers  have 
also  installed  Linux  on  their 
desktops,  he  said. 

Red  Hat  Desktop  will  in¬ 
clude  open-source  applications 
such  as  OpenOffice  1.1,  the 
Evolution  e-mail  client  and  the 
Mozilla  Web  browser,  Raleigh, 
N.C.-based  Red  Hat  said. 

Dan  Kusnetzky,  an  analyst  at 


Continued  from  page  1 

Wall  Street 

centers  farther  away  from 
their  primary  computing  facili¬ 
ties,  according  to  IT  managers. 

Steve  Randich,  CIO  at  Nas¬ 
daq  Stock  Market  Inc.  in  New 
York,  last  week  said  that  a 
combination  of  “peer  pressure 
and  regulatory  pressure”  is 
prodding  companies  to  ensure 
that  their  systems  will  keep 
running  if  a  disaster  occurs. 

For  example,  the  U.S.  Securi¬ 
ties  and  Exchange  Commis¬ 
sion  last  month  approved  rules 
proposed  by  the  National  As¬ 
sociation  of  Securities  Dealers 
Inc.  and  New  York  Stock  Ex¬ 
change  Inc.  that  require  firms 
to  submit  business  continuity 
plans  detailing  how  they  will 
provide  ongoing  access  to  sys¬ 
tems  during  an  emergency. 

The  plans  are  due  by  Aug.  5  for 
NYSE  members.  The  NASD 
set  deadlines  of  Aug.  11  for 
firms  that  clear  stock  trades 
and  Sept.  10  for  brokerages 
that  initiate  transactions. 

In  addition,  the  Securities 
Industry  Association  next 
week  plans  to  conduct  a  busi¬ 
ness  continuity  tabletop  exer¬ 
cise  in  conjunction  with  the 
Bond  Market  Association.  The 
SIA  said  government  regula¬ 
tors  will  be  present  at  the 
event,  in  which  participants 
will  walk  through  the  process 
of  responding  to  an  emer- 


market  research  company 
IDC,  said  the  fact  that  Red  Hat 
is  already  known  in  the  corpo¬ 
rate  server  market  should  help 
the  desktop  software  gain  ac¬ 
ceptance  from  users.  But  Red 
Hat  will  need  more  than  that 
to  succeed  with  the  product, 
he  added. 

“They’re  going  to  need  part¬ 
nerships  with  every  single  one 
of  the  desktop  hardware  sup¬ 
pliers,”  Kusnetzky  said.  “If 
there  isn’t  a  strong  story  about 
how  Linux  comes  preinstalled 
on  the  desktop  hardware  of 
your  choice,  then  it  will  not  be 
as  broadly  interesting.” 

Ferris  said  Red  Hat  execu¬ 
tives  are  working  with  systems 
vendors  to  develop  plans  for 
marketing  the  software,  but  he 


gency  and  coordinate  their 
disaster  recovery  plans. 

Nasdaq  announced  two 
weeks  ago  that  it  had  run  tests 
at  its  two  data  centers  to 
check  the  disaster  recovery 
capabilities  of  member  com¬ 
panies.  The  tests  involved 
more  than  50  brokerages  and 
were  conducted  at  the  ex¬ 
change’s  primary  data  center 
in  Connecticut  in  February 
and  at  its  backup  facility  in 
Maryland  last  month. 

“It’s  not  that  the  regulators 
are  mandating  to  see  test  re¬ 
sults,  although  internal  and 
external  auditors  and  the  SEC 
have  collected  records  on  the 
outcome  of  our  tests,”  Randich 
said.  “It’s  just  short  of  a  man- 


Nasdaq  Is  Ready 
For  Disaster 

■  The  stock  exchange's  two  data 
centers  are  located  300  miles 
apart  -  one  in  Connecticut,  the 
other  in  Maryland. 

■  The  systems  and  IT  infrastruc¬ 
ture  at  the  backup  facility  are 

equal  to  or  at  near  parity  with 
the  ones  at  the  main  data  center. 

■  Dual  utility  power  feeds  are 

provided  to  both  data  centers 

to  protect  against  outages. 

■  Both  facilities  are  in  rural 
office  parks,  so  Nasdaq  can 
maintain  a  combined  total  of 
85,000  gallons  of  diesel  fuel 
on-site  -  enough  to  run  genera¬ 
tors  for  more  than  a  week. 


PRODUCT  DETAILS 

Red  Hat  Desktop 

Runs  on  single-CPU  systems 
with  Intel  or  AMD  processors 
and  up  to  46B  of  main  memory 

■  Comes  bundled  with  Red 
Hat's  network  proxy  or 
satellite  server  software 

■  Includes  30  days  of  telephone 
support  and  one  year  of  Web- 
based  support 

■  Costs  S2.500  per  year  for  a  10- 
user  proxy  server  starter  pack 
or  $13,500  annually  for  a  50- 
user  satellite  server  installation 


added  that  no  hardware  mak¬ 
ers  are  ready  to  announce  sup¬ 
port  for  Red  Hat  Desktop. 


date,  but  that’s  enough  to  en¬ 
courage  people  to  ensure  this 
all  works  seamlessly.” 

Randich  said  there  was  no 
system  downtime  at  Nasdaq 
or  the  participating  firms  dur¬ 
ing  the  tests.  “What  we  didn’t 
know  for  certain  was  our  mar¬ 
ket  participants’  ability  to  run 
[transactions]  out  of  their 
backup  sites,”  he  said.  “This 
was  the  first  time  outside  of  a 
disaster  scenario  where  we 
were  able  to  validate  that  their 
operations  were  good.” 

Peter  Poulos,  director  and 
head  of  the  business  continu¬ 
ity  group  for  the  Americas  at 
Credit  Suisse  First  Boston  LLC 
in  New  York,  said  he  thinks 
“every  major  securities  firm 
on  the  Street”  is  facing  the 
challenge  of  showing  that  its 
disaster  recovery  strategies 
are  in  order. 

Poulos,  who  is  also  chair¬ 
man  of  the  SIA’s  Business 
Continuity  Planning  Commit¬ 
tee,  said  Credit  Suisse’s  sys¬ 
tems  worked  smoothly  during 
Nasdaq’s  tests.  But  its  disaster 
recovery  plan  still  has  some 
kinks  that  need  to  be  worked 
out,  he  added.  Poulos  wouldn’t 
disclose  further  details  but 
noted  that  more  pressure  is 
being  put  on  firms  to  increase 
the  resiliency  of  their  systems 
beyond  the  capabilities  they 
have  already  built. 

Large  financial  services 
Firms  also  face  an  April  2006 
deadline  for  meeting  new  fed- 


In  March,  Hewlett-Packard 
Co.  said  it  would  make  Novell 
Inc.’s  SUSE  Linux  software  its 
standard  desktop  distribution 
of  the  operating  system.  HP 
supports  Red  Hat  Linux  on 
some  of  its  notebook  PCs  and 
plans  to  do  so  on  its  desktop 
systems,  an  HP  spokeswoman 
said.  But  she  declined  to  com¬ 
ment  on  whether  HP  specifi¬ 
cally  plans  to  support  Red  Hat 
Desktop.  ©  46758 


McMillan  is  a  reporter  for  the 
IDG  News  Service. 


READ  MORE  ONLINE 

Q&A:  Red  Hat  CEO  Matthew  Szulik  on  the 
market  for  desktop  Linux: 

QuickLink  46679 
www.computerworld.com 


era]  guidelines  on  increased 
resiliency  for  trade  clearance 
and  settlement  activities.  The 
SEC,  the  Federal  Reserve 
Board  and  the  U.S.  Treasury 
Department’s  Office  of  the 
Comptroller  of  the  Currency 
set  the  guidelines  in  a  white 
paper  last  spring. 

Complying  with  the  guide¬ 
lines  “means  having  people 
in  place  at  another  location 
that’s  not  in  a  commutable  dis¬ 
tance  to  the  primary  site,”  Pou¬ 
los  said.  Many  firms  may  move 
their  backup  data  centers  to 
other  parts  of  the  New  York 
metropolitan  area  or  to  more 
remote  locations,  he  added. 

Howard  Sprow,  director  of 
business  continuity  planning 
at  the  SIA,  said  the  new  rules 
shouldn’t  have  a  big  impact  on 
large  firms  that  have  been  im¬ 
proving  their  disaster  recov¬ 
ery  architectures  since  the 
Sept.  11,  2001,  terrorist  attacks. 
The  NASD  and  NYSE  are  sim¬ 
ply  looking  to  “formalize  the 
process,”  he  said. 

“All  the  firms  have  robust 
backup  sites  that  are  some 
distance  from  their  primary 
sites,”  Sprow  noted.  “But  they 
are  looking  at  ways  to  add  ad¬ 
ditional  sites  or  to  increase  the 
separation.”  ©  46725 


PASSING  THE  TEST 

Q&A:  CIO  Steve  Randich  discusses 
Nasdaq’s  disaster  recovery  tests: 

QuickLink  46752 
www.computerworld.com 
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MARYFRAN  JOHNSON 


Compliance  Bonanzas 


WHEN  WAS  THE  last  time  you  read 

about  a  $40,000  retention  bonus 
for  someone  with  a  hot  skill  in  IT? 
I’ll  bet  it  was  sometime  around 
the  turn  of  the  century,  when  Y2k 
fears  had  CEOs  wringing  their  hands  and  CFOs  sign¬ 
ing  checks  for  whatever  IT  asked  for. 


Today,  it’s  a  different 
story  with  some  eerie 
echoes.  The  latest  salary 
bonanzas  aren’t  tied  to 
arcane  skills  in  Cobol 
programming  but  to  IT 
auditing  experience  ap¬ 
plicable  to  the  slew  of 
regulatory  compliance 
issues  companies  are 
facing.  In  our  front-page 
story  last  week  (“IT  Au¬ 
ditors  Coveted,  Hard  to 
Find,”  QuickLink  46577), 
we  wrote  about  one  enterprise  risk 
manager  being  courted  with  gener¬ 
ous  raises,  bonuses  and  stock  op¬ 
tions  from  a  pair  of  Fortune  250 
companies  anxious  to  get  him  on 
staff  as  the  year-end  Sarbanes-Oxley 
compliance  deadline  looms. 

The  big  accounting  firms  are  also 
hiring  briskly  to  beef  up  their  in- 
house  expertise  in  everything  from 
Sarbanes-Oxley  and  HIPAA  to  the 
Patriot  Act,  the  Gramm-Leach-Bliley 
Act  and  the  European  Union’s  direc¬ 
tive  on  privacy  protection.  Ernst  & 
Young,  for  example,  has  expanded  its 
IT  risk  practice  by  30%  in  the  past  10 
months  and  has  200  openings  to  fill 
by  the  end  of  next  month. 

A  lot  of  people  I’ve  talked  with 
lately  believe  —  or  maybe  hope  — 
that  all  these  regulatory  mandates 
will  turn  out  to  be  another  kind  of 
bonanza  for  IT.  That  they’ll  force 
companies  to  clean  out  their  data 
closets  and  reorganize  business 
processes.  That  they’ll  usher  in  new 
project  disciplines,  forge  stronger  IT- 
business  partnerships  and  strengthen 
relationships  with  customers  by  bet¬ 
ter  protecting  their  privacy.  And,  of 
course,  that  they’ll  elevate  security 
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and  privacy  protections  to 
new  heights  of  corporate 
support. 

Those  are  very  seduc¬ 
tive  notions,  and  I’d  love 
to  believe  them.  But  I  also 
hear  the  distant  ring  of 
the  deja  vu  bell.  An  awful 
lot  of  ill-conceived  ERP 
projects  were  launched 
under  the  banner  of  Y2k 
rescues,  and  those  later 
came  back  to  bite  IT  with 
outrageous  cost  overruns, 
disappointing  results  and  a  wider- 
than-ever  credibility  gap  with  senior 
management.  The  risk  of  repeating 
history  is  a  significant  one,  and 
there’s  a  lot  more  at  stake  than  the 
reputation  of  the  IT  organization. 

Last  week,  I  moderated  a  panel 
discussion  at  UCLA  on  regulatory 
compliance  and  corporate  security, 
with  a  speaker  lineup  that  included 
chief  security  officers  and  privacy 


and  legal  experts.  Attorney  Peter 
Adler,  a  partner  at  Washington- 
based  Foley  &  Lardner,  cautioned 
the  audience  about  creating  silos  of 
regulatory  compliance  expertise  — 
for  example,  having  a  set  of  HIPAA 
experts  in  HR  and  a  set  of  Sarbanes- 
Oxley  specialists  in  the  finance  de¬ 
partment.  He  advocated  a  unified  ap¬ 
proach  to  dealing  with  privacy  laws 
and  financial  disclosure  mandates, 
many  of  which  have  common  ele¬ 
ments  and  similar  requirements. 

At  the  end  of  our  discussion,  I 
asked  the  assembled  experts  for  their 
single  best  piece  of  advice  for  IT 
managers  dealing  with  the  regulato¬ 
ry  storm.  “Think  long  and  hard  about 
who  gets  access  to  your  data,”  one 
advised.  “Get  serious  about  federated 
identity  management  systems,”  said 
another.  “You  can  never  do  enough 
employee  training,”  one  stressed. 

All  agreed  that  regulatory  man¬ 
dates  are  driving  renewed  urgency 
into  IT  security  practices  and  raising 
awareness  of  privacy  protection 
obligations  for  both  the  public  and 
private  sectors.  Security  risks  will 
keep  growing,  new  laws  will  keep 
piling  responsibilities  on  IT,  and  the 
audit  cycles  will  keep  on  coming. 

If  there  are  indeed  salary  bonanzas 
coming  with  all  this,  IT  will  earn 
each  and  every  one  of  them.  ©  46713 


PIMM  FOX 


Pushing  rr 
With  the 
Govemator 


W! 


'HAT  HAS  YOUR 
governor  done  for 
you  lately? 

I’m  talking  about  tax  cred¬ 
its,  grant  money,  streamlined 

bureaucracy,  maybe  some  personal 
attention. 

If  your  state  and  local  politicians 
aren’t  trying  to  help  your  IT  business, 
they  need  to  take  some  lessons  from 
the  Governator.  California  Gov.  Arnold 
Schwarzenegger  has  been  pressing  the 
flesh  thousands  of  miles  from  home  as 
part  of  his  effort  to  lure  IT  business  to 
the  Golden  State. 

In  Schwarzenegger’s  first  official  trip 
overseas,  he  flew  to  Israel  for  24  hours 
and  bagged  almost  1,000  new  tech  jobs 
for  the  state,  while 
making  headlines  as 
someone  who  will  do 
what  it  takes  to  en¬ 
courage  IT  firms 
to  relocate  business 
to  the  shores  of  the 
Pacific. 

At  the  top  of 
Schwarzenegger’s 
tally  for  his  day  trip 
to  Israel  was  Sanrad 
Inc.,  a  Tel  Aviv-based 
IP  storage  network¬ 
ing  firm,  which  plans  to  put  its  world¬ 
wide  headquarters  in  Alameda,  Calif., 
bringing  300  jobs  to  the  new  facility. 

Other  deals  announced  by  Schwarz¬ 
enegger  include  an  expansion  of  a  joint 
venture  between  Yokneam,  Israel- 
based  Arad  Technologies  and  Sacra¬ 
mento-based  USCL  Corp.  to  build  in¬ 
telligent  utility  meters.  Yahud,  Israel- 
based  Magal  Security  Systems  will  in¬ 
crease  production  of  monitors  de¬ 
signed  to  protect  buildings,  airports 
and  transport  facilities  at  its  Fremont, 
Calif.,  location.  Netline  Communica¬ 
tions  Technologies  in  Tel  Aviv  will  de¬ 
sign  and  build  devices  to  jam  remote 
activation  of  bombs  as  part  of  a  joint 
venture  with  Santa  Cruz,  Calif.-based 
Life  Safety  Systems.  And  ForeScout 
Technologies  will  add  to  its  operations 
in  San  Mateo,  Calif.,  where  it  is  work¬ 
ing  on  preventing  Internet  hacking. 

Not  bad  for  24  hours’  work. 


pimm  fox  is  a  London- 
based  journalist. 
Contact  him  at 

pimmfox@pacbell.iMt 


THE  IDEAL  I.T.  INFRASTRUCTURE: 
QUICKLY  ADAPTABLE, 
SUPREMELY  FLEXIBLE, 

NOW  ACHIEVABLE. 


Feeling  a  bit  skeptical  these  days?  It’s  perfectly  understandable. 


After  all,  integrating  those  “best  of  breed”  applications  into  your  IT  infrastructure 
turned  out  to  be  not  nearly  as  fast  or  foolproof  as  advertised.  And  capturing  their 
full  value,  as  well  as  the  full  value  of  your  entire  infrastructure, 
probably  still  seems  like  a  distant  goal. 

Given  the  circumstances,  you  did  everything 
you  could.  After  all,  you  were  handed  the  technological 
equivalent  of  a  drawerful  of  mismatched  socks  — 
very  expensive  socks. 

But  now  you  can  do  more  —  actually, 
quite  a  lot  more.  Read  on  and  find  out  how. 


THE  ACCELERATION  OF  EVOLUTION 

Remember  when  it  was  okay  for  businesses 
to  evolve  slowly? 

Of  course  you  don’t.  Success  has  always 
been  about  speed:  the  speed  of  innovation,  the 
speed  of  implementation.  And  it  all  just  keeps 
getting  faster. 

Today,  markets,  customers  and  competi¬ 
tors  change  seemingly  overnight.  And  so  must 
your  business  processes  and  strategies. 

Unfortunately,  this  rapid  pace  of  change 
has  exposed  a  fundamental  weakness  at  many 
businesses',  an  IT  infrastructure  that  can’t  evolve 
quickly  enough  to  take  advantage  of  opportunities 
or  respond  to  challenges. 

There  are  two  reasons  for  the  bottleneck. 
The  first  is  complexity.  By  the  time  a  new 
business  process  or  strategy  can  be  designed, 


, 
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The  success  of  Check  Point  Software 
Technologies  Ltd.,  the  world’s  leading  developer 
of  firewall  software,  w  as  founded  on  innovative 
Web  service  applications,  which  it  used  to  sup¬ 
port  a  global,  third-party  channel  that  delivered 
one  hundred  percent  of  the  company’s  sales. 

But  success  had  a  price:  its  central  IT 
department  was  spending  too  much  time  main¬ 
taining  the  large  number  of  applications.  What’s 
more,  their  IT  infrastructure  was  a  dizzying  mix 
of  different  application  servers,  development 
tools,  and  open  source  components. 

Using  SAP  NetWeaver  —  and,  more 
specifically,  SAP  Enterprise  Portal  and  SAP 
Web  Application  Server  —  Check  Point  was  able 
to  immediately  consolidate  its  Web  services 
infrastructure,  doubling  central  IT’s  applica¬ 
tion  development  productivity.  Within  a  year 
and  a  half,  Check  Point  saw  an  ROI  of  586% 
based  on  IT  productivity  increases  and  swifter 
rollouts.  The  consolidation  also  allowed  Check 
Point  to  reduce  the  number  of  servers  running 
their  Web  service  applications  from  11  to  3. 
Over  five  years,  Check  Point  expects  a  23% 
reduction  in  TCO. 


Carl  Zeiss,  a  leading  optical  component 
manufacturer  with  14,000  employees,  needed  to 
find  a  way  to  evolve  more  quickly.  Consolidation 
among  optical  chains  was  creating  new',  ever- 
larger  customers,  resulting  in  management 


scenarios  ot  greater  complexity  and  delays  in 
order  processing. 

Using  SAP  NetWeaver,  Carl  Zeiss  was 
able  to  integrate  multiple  systems  around  the 
needs  of  their  customers,  developing  individual 
logistics  strategies  for  each  chain.  As  a  result, 
custom  orders  and  changes  are  now  accommo¬ 
dated  more  easily.  And  the  time  it  takes  to 
integrate  a  new  customer  into  the  system  has 
dramatically  decreased. 

Besides  gaining  more-satisfied  cus¬ 
tomers,  Carl  Zeiss  reduced  the  average  cost 
per  integration  interface  by  50%. 


Sasol,  a  holding  company  for  nearly 
fifty  separate  chemical  and  fuel  businesses 
around  the  world,  had  consolidated  all  of 
its  core  operational  software  around  SAP. 
However,  it  still  faced  the  challenge  of  properly 
managing  a  w'idely  dispersed,  and  culturally 
diverse,  workforce. 

Using  SAP  NetWeaver,  Sasol  was  able 
to  create  an  enterprise-w  ide  information 
portal  for  collaboration  and  communications 
between  employees  of  different  divisions, 
greatly  increasing  the  company’s  ability  to 
meet  strategic  corporate  goals.  The  portal  also 
served  to  coordinate  business  processes  for  HR, 
production  planning,  and  production  work 
flow7  across  Sasol’s  various  business  units. 

The  financial  results  were  impressive, 
with  an  ROI  over  five  years,  after  tax,  of  453%. 
But  even  more  importantly,  thanks  to  SAP 
NetWeaver,  Sasol  was  able  to  become  a  truly 
global  player. 


built,  implemented  and  executed  technologically, 
the  window  of  opportunity  has  usually  closed. 

The  second  is  monetary.  Currently,  80% 
of  the  average  IT  budget  is  earmarked  for  operation 
and  consolidation.  Very  little  is  left  for  innovation. 
(Source:  Sound  View  Technology  Group,  2003.) 

Can  your  business  afford  to  concede  opportu¬ 
nities  to  more  agile  competitors?  Of  course  not. 

Your  task  is  clear:  to  enable  your  company  to 
compete  and  win,  you  have  to  reduce  the  complexity 
and  cost  of  your  IT  infrastructure,  and  reallocate 
more  of  your  resources  toward  innovation. 

Fortunately,  there’s  a  technology  platform 
that  will  enable  you  to  fulfill  that  task.  It's  called 
SAP  NetWeaver.1 

But  before  we  take  a  closer  look  at  what 
makes  SAP  NetWeaver  so  useful,  let’s  explore  what 
contributes  to  a  high,  and  skewed,  overall  TCO. 

THE  COMPLETE  TCO  EQUATION 

The  typical  IT  infrastructure  is  a  jumble  ot 
disparate  technologies  (including  portals,  business 
intelligence,  knowledge  management,  etc.)  and 
applications  (both  legacy  and  best  of  breed). 

Whether  you’re  integrating  your  applications 
into  a  portal  or  a  business  intelligence  solution, 
or  connecting  your  apps  with  the  integration 
broker,  it’s  costing  you  time,  money,  and  un¬ 
necessary  aggravation. 


To  help  illustrate  just  how  much  money, 
we’re  introducing  a  new,  more  complete  way 
of  identifying  costs.  It’s  called  The  Complete 
TCO  Equation. 


COMPLETE  TCO  = 


the  cost  of  all  your  technologies,  including  their  integration  into  a  single  platform 
+  the  cost  of  all  your  applications,  including  their  integration  into  an  end-to-end  process 
+  the  cost  of  integrating  all  your  technologies  with  all  your  applications 


From  this  point  of  view,  it’s  no  surprise 
that  integration  has  been  likened  to  a  sinkhole, 
draining  money  from  innovation  and  preventing 
your  business  processes  and  strategies  from  evolving 
as  quickly  as  they  need  to. 

But  what  if  you  could  transform  integration 
into  a  far  simpler,  less  expensive,  less  painful  process  — 
no  matter  whose  technology  or  applications  you’re 
integrating?  Now  you  can  —  with  SAP  NetWeaver. 

SAP  NETWEAVER: 

ELIMINATING  HURDLES,  ENABLING  IDEAS 

Imagine  being  able  to  quickly  and  efficiently 
align  IT  with  your  business’s  needs,  to  drive  new 
strategies  for  growth  while  minimizing  risk  and 
cost,  to  compose  new  business  processes  on  top 
of  existing  systems. 


It’s  all  possible  with  SAP  NetWeaver. 

SAP  NetWeaver  is  an  open,  standards- 
based  integration  and  application  platform  that 
greatly  reduces  the  complexities  of  integration. 
Its  components  include  a  portal,  an  application 
server,  business  intelligence,  and  integration 
and  data  consolidation  technologies. 

With  SAP  NetWeaver,  you  capture  the 
full  value  of  the  technology  you  already  have  in 
place,  and  pave  the  way  for  future  technology  — 
SAP  or  non-SAP. 

The  result:  an  opportunity  to  achieve 
significantly  greater  flexibility  at  a  far  lower, 
sustainable  TCO. 

Bottlenecks  disappear.  Timetables  are 
met.  Business  goals  are  achieved.  Your  entire 


IT  architecture  is  elevated  from  an  enabler 
of  work  into  an  enabler  of  change. 

For  current  SAP  customers,  there’s 
even  more  of  an  ad\antage:  SAP  NetWeaver 
comes  pre-integrated  for  SAP’  solutions, 
which  greatly  reduces  the  costs  associated 
with  systems  integration. 

But  SAP  customer  or  not,  there’s  one 
thing  that  should  be  clear:  of  all  the  software 
providers  in  business  today,  SAP  is  uniqueh 
positioned  to  deliver  integrated  technologies 
and  technologies  integrated  with  applications. 

If  that  concept  piques  your  interest,  we 
suggest  you  visit  sap.com/netweaver  w  here, 
we  hope,  your  curiosity  will  be  integrated 
with  our  solutions. 


www.computerworld.com 


OPINION 


COMPUTERWORLD  May  10, 2004 


17 


Sure,  not  all  governors  have  the  star 
power  or  the  love  of  IT  that  Schwarz¬ 
enegger  has.  (In  The  Terminator,  the 
computer  code  audiences  see  through 
Schwarzenegger’s  eyes  is  a  mixture  of 
Cobol  and  assembly  code  for  the  Apple 
II  computer.)  And  maybe  you’re  not 
into  the  political  scene.  But  you’ve  got 
to  push  pols  to  work  for  you. 

If  you’re  not  hobnobbing  with  elect¬ 
ed  officials  who  can  blast  through  red 
tape  to  help  you  increase  productivity, 
you’re  missing  out.  If  you’re  ignoring 
the  meet-and-greet  sessions  with  local 
party  hacks  who  can  insert  favorable 
rules  into  state  legislation,  then  you’re 
not  firing  on  all  cylinders. 

Does  this  sound  cynical  and  manip¬ 
ulative?  It  isn’t. 

Running  an  IT  business  is  no  easy 
task.  Competitors  are  trying  to  beat 
you  on  price,  customers  demand  ever- 
higher-quality  service  at  lower  costs, 
and  attracting  talented  and  loyal  work¬ 
ers  is  time-consuming  and  expensive. 

Big  corporations  use  the  tax  code  to 
their  advantage  and  aren’t  shy  about 
asking  for  government  handouts  to 
keep  business  humming. 

Think  of  all  the  things  government 
could  do  to  help  IT  at  the  operational 
level,  from  hiring  to  research  grants. 

And  who  knows  —  maybe  you  could 
get  some  free  acting  lessons.  ©  46652 

DAN  GILLMOR 

A  Road 
Warrior’s 
Inventory 

I’VE  BEEN  a  fairly  hard¬ 
core  road  warrior  for  the 
past  few  years.  Users  like 
me  are  a  challenge  for  IT  de¬ 
partments,  because  we’re  try¬ 
ing  to  replicate  the  best  parts  of  our 
offices  in  one  carry-on  bag. 

My  own  gadget  bag  is  a  continually 
evolving  set  of  tools,  the  kind  that 
make  it  possible  to  be  connected  and 
up  to  speed  pretty  much  anywhere  I 
happen  to  be.  Your  mileage  may  vary, 
but  these  tools  work  for  me. 

I  start  with  an  aluminum  Macintosh 
G4  PowerBook  with  a  DC  charger  that 
works  in  the  car  and  on  airplanes,  in 
addition  to  the  regular  wall  charger. 

It  worries  me  how  much  of  my  pro¬ 
fessional  existence  is  in  this  thing. 

That’s  why  I  also  carry  an  80GB  Fire- 


Lite  device  from  SmartDisk 
for  routine  backups,  includ¬ 
ing  a  daily  backup  of  essen¬ 
tial  files  such  as  chapter 
drafts  of  a  book  I’m  nearly 
finished  writing.  I  lost  a 
bunch  of  important  e-mails 
in  the  middle  of  2003  and 
decided  that  it  wouldn’t  hap¬ 
pen  again.  I  keep  the  disk 
drive  in  a  separate  place  in 
my  hotel  room. 

Laptops  are  hardier  than 
ever,  but  they’re  not  inde¬ 
structible.  On  planes,  I  carry 
my  Mac  “double-wrapped.”  I  put  the 
computer  in  a  padded,  ballistic-nylon 
“sleevecase”  from  WaterField  Designs. 
The  sleevecase  then  goes  into  a  carry- 
on  bag  that  adds  further  protection. 

Once  I  get  to  my  hotel  room,  I  pull 
out  the  sleevecase  and  attach  a  padded 
shoulder  strap  and  piggyback  bag  that 
holds  my  power  supply  as  well  as  a 
notebook  (analog),  a  digital  camera,  a 
couple  of  cables  and  other  small  items. 
That  way  I  can  leave  the  big  bag  in  the 


hotel  instead  of  schlepping 
it  around. 

I’m  a  convert  to  the 
phone/PDA  routine.  My 
PalmOne  Treo  600  is  the 
best  combo  device  I’ve 
seen  so  far.  I’ve  been  load¬ 
ing  a  bunch  of  third-party 
software  onto  it,  including 
a  Freecell  game  for  emer¬ 
gency  boredom  cures. 

To  carry  the  Treo,  I  use  a 
padded  camera  pouch  that 
attaches  to  my  belt.  I  also 
have  a  retractable  sync  and 
cable/charger  thingy,  which  saves  lots 
of  room  and  is  vastly  more  convenient. 

I  put  a  512MB  memory  card  into  the 
Treo,  found  a  third-party  MP3  player 
and  now  listen  to  music  on  the  Treo. 
It’s  not  as  nice  as  Apple’s  iPod,  but  it’s 
one  less  thing  to  carry. 

One  vital  road-warrior  tool  is  a  pair 
of  noise-canceling  headphones,  which 
make  a  huge  difference  in  reducing 
fatigue  from  long  plane  rides.  At  the 
moment,  I’m  using  the  Sennheiser 


PXC250  model.  I’m  eyeing  the  new 
Bose  set,  but  it’s  twice  as  expensive. 

Then  there’s  an  assortment  of  other 
cables,  including  a  retractable  phone, 
Ethernet  and  FireWire  line.  I  love  the 
convenience  of  the  ones  that  wind  up 
inside  a  spindle,  helping  me  avoid  cord 
spaghetti.  And,  of  course,  I  have  extra 
batteries,  a  USB  adapter  for  various 
device  memory  cards  to  download  pic¬ 
tures  and  transfer  files,  and  several 
notebooks,  pens,  tissues,  antibacterial 
hand  wipes,  decongestant  nose  spray 
(essential  if  you  fly  with  a  cold)  and 
other  basic  remedies  and  vitamins. 

One  crucial  addition:  a  paperback 
book.  I  never  know  when  I  might  be 
waiting  in  line  (the  immigration  line 
at  Tokyo  Narita  took  an  hour  last 
month),  and  it’s  always  nice  to  have 
something  to  read.  Not  all  of  life  is 
digital.  ©  46598 
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HP  Betrays  Users 

THE  MPEix  operating  system  is 
one  of  the  best  ever  written 
[“HP  Responds  to  Pressure  From 
e3000  Users,”  QuickLink  46280], 
Although  it  isn’t  an  open  platform, 
most  businesses  don't  want  their 
primary  systems  to  be  that  open.  We 
want  it  to  be  secure  and  to  do  the 
core  business  without  interruptions. 

I’ve  been  an  HP  e3000  user,  pro¬ 
grammer  and  manager  for  20-plus 
years.  I  saw  the  mistakes  made  by 
Hewlett-Packard  during  late  1980s 
with  the  HP  3000.  Now  third-party 
vendors  are  price-gouging  e3000 
customers,  and  HP  is  turning  its 
back  on  loyal  customers.  The  grief, 
problems  and  expense  I’ve  experi¬ 
enced  during  this  dumping  of  the 
HP  e3000  have  left  a  bad  taste  in 
my  mouth.  I'm  recommending  that 
the  company  I  work  for  not  pur¬ 
chase  any  HP  equipment  in  the  fu¬ 
ture.  The  “HP  Way"  has  gone  astray! 
Bryan  Goodwin 
Senior  software  engineer, 
Springfield,  Ore. 

Open-Source  Keeps 
Mainframes  Alive 

Mainframes  are  far  from  “go¬ 
ing  away”  [IT  Vets  Reminisce 
on  IBM  360’s  40th  Anniversary," 


QuickLink  46119],  as  Marc  Veen, 
operations  support  at  Alticor  Inc., 
put  it.  It’s  too  bad  Alticor  chose  to 
discard  the  very  system  that  could 
enable  its  move  to  open  systems. 
Over  the  last  several  years,  IBM  has 
made  tremendous  progress  in 
adding  open-systems  technology  to 
its  mainframe  product  line.  Whether 
by  accident  or  intent,  IBM  has  con¬ 
tinued  the  root  definition  of  the  orig¬ 
inal  360  philosophy  of  using  one 
system  for  all  needs,  by  including 
support  for  Linux  and  Java. 

Bruce  A.  McKnight 
zGroup  principal,  Boundless 
Flight  Inc.,  Cleveland, 
Bruce@BoundlessFlight.com 

Many  Tools  Need 
Real-Time  Abilities 

WHILE  reservations  systems 
can  benefit  from  being  real 
time,  there  are  other  systems  that 
have  always  needed  that  capability 
and  tried  to  provide  it  [“Almost  Real 
Time,"  QuickLink  46191].  The  air 
traffic  control  systems  are  one  type. 
State  and  local  police  departments’ 
warrant  and  “wanted"  systems-are 
another.  No  one  wants  to  pay  a  fine 
or  clear  his  case  only  to  be  arrested 
two  minutes  later  on  the  same  war¬ 
rant.  Our  military  systems  and 
NASA  have  had  similar  require¬ 


ments.  Many  systems  need  immedi¬ 
ate  updating  if  they  are  to  deliver  the 
value  everyone  desires  from  them.  I 
suspect  that  historically,  govern¬ 
ment  IT  systems  have  been  as  inter¬ 
ested  in  real-time  systems  as  com¬ 
mercial  enterprises,  and  perhaps 
even  more  interested  in  them. 

Gene  Lauver 

Senior  programmer,  St.  Louis 


Calculating  Risk 

Regarding  the  article  “Big  Four 
Accounting  Firms  Join  in  Cyber- 
Risk  Effort"  [QuickLink  45597],  I 
have  to  say  that  something  similar 
was  done  already  in  the  Open 
Source  Security  Testing  Methodolo¬ 
gy  Manual  ( www.osstmm.org ).  This 
methodology  is  a  true  open-source 
initiative  that  has  over  1,000  volun¬ 
teers  worldwide,  including  mem¬ 
bers  of  the  Big  Four.  Last  month, 
we  released  the  Risk  Assessment 
Values  at  the  ISEST0RM  event  in 
Barcelona  and  again  at  sympo¬ 
siums  in  France,  Spain  and  Italy. 

The  RAVs  provide  quantitative  risk 
assessment  based  on  security  tests 
and  quantify  risk  in  two  parts:  justi¬ 
fied  risk,  which  is  inherent  risk  in 
doing  business,  and  actual  risk, 
which  is  the  current  state  of  the  net¬ 
work  regarding  vulnerabilities. 
Together  with  results  from  best- 


effort  practices  like  IS0 17799,  BS 
7799,  OCTAVE  and  other  risk  as¬ 
sessment  methodologies,  the  secu¬ 
rity  management  and  operations 
approach  can  be  combined  with  the 
0SSTMM  for  very  accurate  risk  as¬ 
sessment  calculations.  Additionally, 
the  results  can  best  be  analyzed  by 
a  professional  security  analyst  who 
may  make  manual  verifications  prior 
to  processing  and  quantifying  the 
risks.  This  prevents  the  problem  of 
“trusting  the  tools,"  which  has  led  to 
many  false  security  assumptions 
and  poor  risk  analysis. 

Pete  Herzog 
Managing  director, 

Institute  for  Security 
and  Open  Methodologies, 
Barcelona,  Spain, 
pete.herzog@isecom.org 
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Meet  the  IBM  eServer™  i5™  system  —  designed  to  simplify  your  infrastructure.  It’s  the  first  IBM  server  with  POWER5™ 
technology.  And  the  latest  member  of  the  IBM  eServer  iSeries™  family.  What’s  more,  it  can  simultaneously  run  four 
operating  systems,  dynamically  allocating  resources  needed  for  each  application  and  operating  system!  On  demand. 
iSeries  technology  can  also  help  reduce  the  number  of  servers  you  manage  by  as  much  as  85%.  We  invite  you  to 
learn  more  about  how  to  make  your  business  more  efficient.  Just  visit  ibm.com/eserver/consolidate 


5  reasons  why  IBM  eServer  i5  systems  with  Power  Architecture ™  technology  can  simplify  your  infrastructure. 


Runs  four  operating 

Advanced  virtualization 

Capacity  on  demand. 

POWERS  processor- 

Integrated  for  easy 

systems  simultaneously. 

technologies. 

based  64-bit  technology. 

management. 

(e)  server* 


The  IBM  eServer  i5  system. 
Consolidate.  Integrate.  Celebrate. 


'IXA  or  IXS  required  to  run  Windows.  Customers  must  license  O/Ss  separately.  IBM,  the  e-business  logo.  eServer,  the  eServer  logo,  iSeries,  i5,  Power  Architecture  and  P0WER5  are  trademarks 
or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or 
service  marks  of  others.  ©2004  IBM  Corporation.  All  rights  reserved. 


ROBUST  OBJECTS 
AND  ROBUST  SQL 


GET  DATA  IN  THE 
BLINK  OF  AN  EYE 


For  your  next  generation  of  applications,  move 
to  the  next  generation  of  database  technology. 

Cache  is  the  post-relational  database  that  com¬ 
bines  high-performance  SQL  for  faster  queries  and 
an  advanced  object  database  for  rapidly  storing 
and  accessing  objects.  With  Cache,  no  mapping 
is  required  between  object  and  relational  views  of 
data.  That  means  huge  savings  in  both  development 
and  processing  time. 

Applications  built  on  Cache  are  massively  scala¬ 
ble  and  lightning-fast.  Plus,  they  require  minimal 
or  no  database  administration. 

More  than  just  a  database  system,  Cache  incor¬ 
porates  a  powerful  Web  application  development 


environment  that  dramatically  reduces  the  time  to 
build  and  modify  applications. 

The  reliability  of  Cache  is  proven  every  day  in 
“life-or-death”  applications  at  thousands  of  the  world’s 
largest  hospitals.  Cache  is  so  reliable,  it’s  the  leading 
database  in  healthcare  -  and  it  powers  enterprise  appli¬ 
cations  in  financial  services,  government  and  many 
other  sectors. 

We  are  InterSystems,  a  specialist  in  data  manage¬ 
ment  technology  for  twenty-five  years.  We  provide 
24x7  support  to  four  million  users  in  88  countries. 
Cache  is  available  for  Windows,  OpenVMS,  Linux  and 
major  UNIX  platforms  -  and  it  is  deployed  on  systems 
ranging  from  two  to  over  10,000  simultaneous  users. 


InterSystems  A 

E  CACHE 

Make  Applications  Faster 

Free  White  Paper 

Read  or  request  a  copy  of  the  Baroudi/Bloor  white  paper  “The  Failure  of  Relational  Database, 

The  rise  of  Object  Technology  and  the  Need  for  the  Hybrid  Database.”  at  www.InterSystems.com/cworld 

C  2004  InterSystems  Corporation.  All  rights  reserved  InterSystems  Cachl  is  a  registered  trademark  of  InterSystems  Corporation.  7-03 
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FUTURE  WATCH 

Computational  Origami 

Some  pioneering  researchers  in  this  new 
field  believe  the  math  behind  paper  fold¬ 
ing  could  help  decode  the  “bad”  protein 
folds  thought  to  cause  diseases  such  as 
Alzheimer’s  and  mad  cow.  Page  26 


SECURITY  MANAGER’S  JOURNAL 

Security  Policy  a  Paper  Tiger 

Despite  explicit  policies  in  Mathias 
Thurman’s  company,  problems  with 
rogue  access  points  and  incident- 
response  procedures  haven’t  abated. 

Page  28 


OPINION 

Living  Down  to  a  Low  Standard 

Nicholas  Petreley  says  the  latest  version 
of  the  GNOME  graphical  desktop  envi¬ 
ronment  continues  an  unfortunate  trend 
in  which  each  new  version  of  the  soft¬ 
ware  is  worse  than  the  last.  Page  30 


EXTENDED 


ENFORCEMENT 

Companies  are  using  compliance  tools  to 
ensure  that  secur' 

m  I  |  ■  m 


ttM  ike  many  companies,  for  sev- 
Igi  eral  years  Tripos  Inc.  has  re- 
quired  employees  who  work 
i|lf|  remotely  to  install  a  firewall 
|||1  and  antivirus  software  on  the 
Wa  laptop  or  desktop  PCs  they 
yjpi  use  to  connect  to  the  corpo- 
rate  network  via  VPN. 
HHH  But  it  wasn’t  until  about  a 
year  ago  that  the  St.  Louis-based  drug 
research  company  adopted  measures 
to  enforce  end-user  compliance  with 
those  requirements. 

Technology  from  InfoExpress  Inc. 
in  Mountain  View,  Calif.,  helps  Tripos 
monitor  and  audit  all  remote  end-user 
systems  to  ensure  that  they  have  active 
firewalls  and  updated  antivirus  soft¬ 
ware.  Systems  that  don’t  have  both  are 
automatically  shut  out  of  the  Tripos 
network. 

Tripos  is  one  of  a  growing  number 
of  companies  turning  to  monitoring 
and  auditing  technologies  such  as 
those  from  InfoExpress  to  enforce  pol¬ 
icy  compliance  at  vulnerable  network 
endpoints.  The  tools,  many  of  which 
require  software  agents  to  be  installed 
on  client  devices,  inspect  systems  for 
active  firewalls,  the  latest  antivirus  sig¬ 
natures,  secure  configuration  settings 
and  unauthorized  privilege  escalation. 

The  demand  for  such  endpoint  en¬ 
forcement  technologies  is  being  driven 
by  growing  concerns  that  remote 
client  devices  could  be  compromised 
and  used  by  attackers  to  gain  entry 


into  core  production  systems,  says 
Jerry  Wintrode,  senior  network  archi¬ 
tect  at  Tripos.  For  instance,  this 
month’s  Sasser  and  last  year’s  Blaster 
and  Slammer  worms  spread  primarily 
via  infected  client  systems. 

Privacy  concerns  and  regulatory 
issues  are  also  creating  a  need  for  end¬ 
point  compliance. 

“Until  you  have  something  that  ab¬ 
solutely  enforces  policies,  you  may  as 
well  admit  that  you  have  a  back  door 
into  your  network,”  Wintrode  says. 
“You  could  make  all  the  policies  you 
wanted  to  and  educate  your  employees 
until  they  are  all  security  experts.  But 
someone  is  still  going  to  screw  up.” 

For  the  most  part,  endpoint  compli¬ 
ance  technologies  include  agent  soft¬ 
ware  that’s  installed  on  end-user  sys¬ 
tems,  an  enforcement  component  and 
a  policy  management  server  tool.  At  a 
high  level,  the  agent  software  sits  on 
each  client  device  and  collects  infor¬ 
mation  on  a  variety  of  issues,  such  as 
the  status  of  antivirus  software,  fire¬ 
walls,  host  intrusion-detection  sys¬ 
tems,  file  versions,  patches  and  reg¬ 
istry  values. 

The  enforcement  agent  typically 
sits  between  the  client  and  the  corpo¬ 
rate  gateway  and  audits  this  informa¬ 
tion  for  compliance  with  corporate 
policies.  Systems  that  are  compliant 
are  allowed  access  to  the  network, 
while  those  that  aren’t  are  either  auto¬ 
matically  blocked  or  redirected  to  a 
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quarantine  site  for  fixes.  In  some 
cases,  the  tools  can  be  used  to  bring 
an  endpoint  device  into  compliance, 
by  turning  on  a  firewall  or  download¬ 
ing  the  latest  antivirus  signatures,  for 
instance. 

In  other  cases,  the  enforcement 
agent  can  send  a  message  back  to  the 
user  indicating  the  necessary  remedial 
action,  or  it  can  provide  restricted  ac¬ 
cess  to  network  resources  until  the 
system  is  brought  into  compliance. 

Meanwhile,  the  policy  management 
server  defines  and  manages  the  poli¬ 
cies  that  are  enforced. 

Not  all  endpoint  technologies  need 
client-side  agents.  Some  are  server- 
based  products  that  probe  client  de¬ 
vices  for  compliance  when  the  user 
logs  onto  the  network.  Costs  can  range 
from  $50  to  $150  per  user,  depending 
on  the  level  of  enforcement. 

Target:  Remote  Workers 

Besides  InfoExpress,  other  vendors  in 
the  field  include  Zone  Labs  Inc.,  Sygate 
Inc.,  Symantec  Corp.,  Network  Associ¬ 
ates  Inc.  and  Trend  Micro  Inc.  Net¬ 
working  giant  Cisco  Systems  Inc.  en¬ 
tered  the  fray  last  fall  when  it  launched 
a  major  endpoint  compliance  initiative 
called  the  Network  Admission  Control 
program  (see  box,  right). 

Almost  all  the  enforcement  software 
that’s  deployed  is  targeted  at  mobile 
and  remotely  connected  systems,  says 
Phil  Schacter,  an  analyst  at  Midvale, 
Utah-based  Burton  Group. 

“One  of  the  biggest  factors  has  been 
the  endless  onslaught  of  viruses  and 
worms  that  potentially  can  be  trans¬ 
mitted  through  open  ports  on  any  net¬ 
work-connected  machine,”  says  James 
Demos,  a  security  administrator  at  a 
major  publishing  house  in  New  York. 

“The  pace  picked  up  last  year  and  is 
unrelenting  at  this  point,”  he  adds. 

Demos,  who  asked  that  his  company 
not  be  named,  is  planning  to  deploy 
ZoneAlarm  from  San  Francisco-based 
personal  firewall  vendor  Zone  Labs. 

The  centrally  managed  security 
suite  will  allow  Demos  to  enforce  poli¬ 
cies  related  to  the  use  of  firewalls, 
antivirus  software  and  configuration 
settings  for  all  VPN-connected  corpo¬ 
rate  users.  Unlike  the  company’s  exist¬ 
ing  personal  firewall  software,  Zone- 
Alarm,  which  acts  as  a  firewall  in 
addition  to  monitoring  compliance, 
can’t  be  disabled  by  users  who  don’t 
have  the  administrative  privilege  to 
make  system  changes.  In  the  event  that 
someone  does  find  a  way  to  do  so,  a 
log  of  the  change  is  made. 

“Once  the  software  is  deployed,  it 
should  be  running.  If  it’s  not,  the  user 


won’t  get  in,”  Demos  says. 

The  software  can  either 
block  the  user  from  the 
system  automatically  or 
alert  administrators  of  a 
problem  and  leave 
enforcement  to  them. 

For  some  companies,  such 
software  does  more  than  just 
protect  against  worms  and  viruses. 

For  example,  Terra  Nova  Trading  LLC 
uses  a  combination  of  in-house  tools 
and  third-party  software  to  monitor 
client  systems  for  illegal  chat  and 
peer-to-peer  software  in  addition  to 
handling  basic  security  functions,  says 
Kevin  Ott,  vice  president  of  technolo¬ 
gy  at  the  Chicago-based  financial  ser¬ 
vices  company. 

The  third-party  desktop  manage¬ 
ment  software,  which  Ott  declines 
to  name,  allows  Terra  Nova  to  scour 
employee  desktops  for  illegal  appli¬ 
cations  and  shut  them  down  before 
they’re  launched.  In  addition  to 
searching  for  specific  file  names  and 
extensions,  the  software  registers  any 
new  or  unusual  processes  running  on 
a  user’s  system  to  prevent  users  from 
circumventing  policies  by  simply 


changing  file  names. 

“We  ran  into  some 
technically  savvy  users 
who  figured  they  could 
rename  the  executable. 
We  were  able  to  identify 
them”  and  shut  down  the 
software,  Ott  says. 

Sara  Lee  Coffee  &  Tea  North 
America,  a  Harrison,  N.Y.-based  divi¬ 
sion  of  Sara  Lee/DE,  is  using  software 
from  San  Diego-based  Websense  Inc. 
not  only  to  detect  and  automatically 
shut  down  any  peer-to-peer  or  chat  ap¬ 
plication  but  also  to  enforce  quotas  on 
the  amount  of  time  employees  can 
spend  on  commercial  Web  sites  during 
office  hours.  The  idea  is  to  give  users 
the  ability  to  browse  commercial  Web 
sites,  but  only  for  specific  amounts  of 
time,  says  Steven  Annese,  IT  manager 
at  the  company. 

Such  technologies  can  also  help  com¬ 
panies  uncover  security  risks  that  might 
otherwise  be  missed,  says  Sygate  user 
Jim  Kirby,  a  network  engineer  at  Wells’ 
Dairy  Inc.  in  Le  Mars,  Iowa. 

It  was  only  after  the  company  in¬ 
stalled  an  enforcement  component  to 
its  endpoint  defenses  that  it  discov¬ 


ered  that  firewalls  on  end-user  devices 
were  frequently  being  switched  off  — 
sometimes  for  unknown  reasons,  and 
sometimes  because  a  user  had  re¬ 
imaged  the  system,  Kirby  says. 

Looking  Closer  to  Home 

The  increased  focus  on  remote  end¬ 
points  is  driving  a  trend  toward  the 
same  kind  of  enforcement  on  locally 
connected  machines  as  well,  says 
Frederick  Felman,  a  vice  president  at 
Zone  Labs.  In  such  cases,  the  enforce¬ 
ment  agent  sits  between  the  LAN 
switch  and  an  authorization,  account¬ 
ing  and  authentication  server.  It  audits 
end-user  systems  for  policy  compli¬ 
ance  before  network  access  is  granted, 
Felman  says. 

“Most  of  our  sales  in  the  last  two 
quarters  have  come  from  such  users,” 
says  Felman. 

But  if  you  adopt  measures  to  en¬ 
force  policy  compliance,  you  also 
have  to  have  good  mechanisms  for 
remediation,  says  Stacey  Lum,  presi¬ 
dent  of  InfoExpress.  Users  who  get 
locked  out  of  a  corporate  network  for 
failure  to  comply  need  to  have  a  place 
to  go  where  they  can  quickly  bring 
their  systems  into  compliance,  or  have 
a  procedure  for  doing  so  themselves, 
Lum  says. 

For  instance,  Tripos  lets  remote 
users  connect  directly  to  the  Internet 
to  download  the  patches  and  fixes  they 
need  in  order  to  log  onto  the  corporate 
VPN.  The  company’s  InfoExpress  soft¬ 
ware  also  lets  Tripos  push  patches  to 
remote  users  who  have  high-speed 
connections. 

Moreover,  failure  to  properly  explain 
the  steps  being  taken  to  enforce  end¬ 
point  security  can  result  in  a  lot  of 
calls  to  the  help  desk,  says  Schacter. 

“When  we  first  turned  on  the  en¬ 
forcement,  it  wasn’t  perfect,”  Kirby 
says.  “There  was  a  little  bit  of  an  up¬ 
roar  over  it.” 

The  key  is  to  have  policies  that  give 
users  reasonable  ways  to  fix  problems, 
Schacter  says. 

“You  need  to  be  able  to  get  the  fix 
down  to  the  desktop  in  some  reason¬ 
able  series  of  steps  so  that  the  user 
can  try  again  and  be  let  in,”  Schacter 
says.  “If  you  make  things  too  difficult 
for  the  end  user,  there  is  going  to  be 
so  much  push-back  that  you  may  not 
be  able  to  deploy  these  technologies.” 
©  46467 


PRODUCTS  AND  VENDORS 

For  a  listing  of  vendors  who  offer  endpoint  compliance 
software,  visit  our  Web  site: 
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CISCO’S  GOT  A  NAC 


CISCO  is  using  its  position  as  the  pre¬ 
eminent  supplier  of  corporate  network 
gear  to  enter  the  market  for  endpoint 
security  enforcement  technologies. 

Under  the  Network  Admission  Con¬ 
trol  program  it  launched  last  fall,  Cisco 
is  working  with  three  security  vendors 
to  develop  products  that  will  let  compa¬ 
nies  deny,  permit,  quarantine  or  restrict 
admission  to  networks,  based  on  an 
end  user's  security  status. 

Cisco’s  NAC  technology  is  made  up 
of  multiple  components,  including  the 
following: 

■  A  Cisco  trust  agent  that  sits  on  end¬ 
point  systems  and  collects  information 
on  client  security,  such  as  the  status  of 
antivirus  signatures  and  patch  levels. 

■  Network  access  devices  that  en¬ 
force  admission  control  based  on  the 
information  provided  to  them  by  the 
trust  agent. 

■  A  policy  server  that  instructs  net¬ 
work  access  devices  on  the  appropriate 
policies  that  need  to  be  applied. 

As  part  of  its  effort,  Cisco  has  li¬ 
censed  its  trust  agent  technology  to  its 
NAC  partners:  Symantec,  Network  As¬ 
sociates  and  Trend  Micro.  The  three 


vendors  will  integrate  the  Cisco  soft¬ 
ware  into  their  antivirus  products.  In  ad¬ 
dition,  Cisco  will  integrate  its  trust  agent 
with  its  own  Security  Agent  technology 
for  checking  the  status  of  operating  sys¬ 
tem  patches. 

Cisco’s  NAC  technology,  which  is 
due  to  ship  by  June,  will  allow  compa¬ 
nies  to  enforce  endpoint  security  com¬ 
pliance  without  affecting  performance 
for  end  users,  claims  Jeff  Buton,  a  se¬ 
nior  director  of  technology  marketing  at 
the  company. 

Cisco's  widespread  presence  in 
corporate  networks  makes  its  NAC 
effort  worth  watching,  says  Phil  Schac¬ 
ter,  an  analyst  at  Burton  Group.  “Cisco 
has  woken  up  the  market  to  the  value  of 
such  technologies  in  a  big  way,"  he  says. 

But  the  limited  number  of  vendors 
that  Cisco  is  currently  partnering  with 
has  raised  some  concerns  about  it  deliv¬ 
ering  a  “closed  solution”  to  its  customer 
base,  Schacter  says.  For  a  technology 
such  as  NAC  to  be  truly  successful,  a  lot 
depends  on  the  ease  with  which  users 
are  able  to  integrate  it  with  their  existing 
security  technologies,  he  says. 

-JaikumarVijayan 
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Common  driver,  common  interface  makes  business  simple  and 
increases  productivity.  And  NetView™  software  gives  you  one  tool 
to  manage  everything.  If  you’re  looking  for  the  best  in  class 
printers,  copiers,  MFPs,  and  network  solutions,  look  to 
Kyocera  for  an  exceptional  solution. 
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OES  EVERY  SINGLE  EMPLOYEE  HAVE 

his  own  portal?  That’s  how  it 
sometimes  appears  to  frustrated 
IT  managers  seeking  to  streamline 
their  infrastructures. 

In  the  past  several  years,  many 
enterprises  have  seen  portals  —  or 
tiny  intranet  sites  that  users  think  of  as  portals  — 
spring  up  like  dandelions.  Frequently  created  by  an 
enthusiastic  power  user  with  little  or  no  IT  over¬ 
sight,  portals  may  belong  to  a  satellite  office,  a  de¬ 
partment  or  a  functional  group  of  employees  (such 
as  salespeople).  They  may  be  little  more  than  a  wel¬ 
come  screen  and  a  half-dozen  links,  or  they  may  be 
true  transactional  sites  used  by  customers  and  trad¬ 
ing  partners. 

Today,  businesses  are  waking  up  to  the  fact  that 
portal  proliferation  is  a  potentially  expensive  mess  at 
best  and  a  disaster  waiting  to  happen  at  worst.  As  a 
Gartner  Inc.  report  in  October  2003  put  it,  “Many  en¬ 
terprises  —  instead  of  easily  reaping  rewards  from 
their  portal  implementations  —  find  themselves 
dealing  with  a  jungle  of  multiple  portals  that  com¬ 
pete  for  the  same  resources  and  audiences.” 

The  resulting  expense  is  difficult  to  track,  because 
small  portals  are  scattered  across  geographic  regions 
and  lines  of  business.  “You  want  to  save  money  even¬ 
tually  [by  consolidating  portals],  sure,”  says  Steve  El¬ 
lis,  executive  vice  president  at  Wells  Fargo  &  Co.’s 
Wholesale  Services  division.  “But  it’s  almost  as  im¬ 
portant  just  to  understand  where  that  part  of  your 
spend  is  going.” 

Tracking  content  on  unauthorized  and  unsuper¬ 
vised  portals  is  essentially  impossible,  a  circum¬ 
stance  that  sets  the  scene  for  disaster,  given  today’s 
strict  accountability  regulations.  Laws  such  as  the 
Sarbanes-Oxley  Act  require  enterprises  to  monitor 
and  control  all  outward-facing  communication. 

Organizations  seeking  to  consolidate  portals  are 
soon  confronted  with  a  number  of  thorny  technology 
issues.  “Each  [existing]  portal  has  different  tool  sets, 
languages  and  approaches  to  content  and  applica¬ 
tions,”  says  Frank  Torbey,  a  consultant  at  Tandem- 
Seven  Inc.,  a  Plymouth,  Mass.-based  firm  that  helps 
large  businesses  build  portals.  Log-on  and  user- 
identity  features  may  also  be  handled  differently, 
he  adds. 

Today,  businesses  typically  have  separate  portals  for 
employees  in  general,  the  sales  force,  customer  ser¬ 
vice  and  perhaps  suppliers.  Each  portal  must  access 
data  from  a  range  of  applications  (human  resources, 
payroll,  CRM,  ERP,  supply  chain  management,  ac¬ 
counting  and  purchasing)  and  then  add  a  presentation 
layer.  When  a  company  considers  consolidation,  IT’s 
challenge  is  to  rationalize  existing  portals  into  one 
system  that  addresses  the  data,  functionality,  person¬ 
alization  and  authentication  needs  of  all  users. 

The  good  news  for  IT  managers  is  that  there  are 
more  tools  available  for  portal  consolidation  than 
there  were  a  few  years  ago.  Longtime  portal  special¬ 
ists  such  as  San  Francisco-based  Plumtree  Software 
Inc.  and  Austin-based  Vignette  Corp.  are  facing  com¬ 
petition  from  nearly  every  major  vendor  of  enter¬ 
prise  software. 

This  widespread  availability  of  portal  software  has 
altered  the  purchase  decision  landscape,  according  to 
Torbey.  “Many  of  our  clients  started  their  portals  with 
a  Plumtree  or  a  Vignette,”  he  says.  “But  if  that  company 
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Attend  Computerworld’s 
Executive  Conference  on 
Mobile  and  Wireless 
Technologies! 


Mobile  and  wireless  technologies  push  the  enterprise 
envelope  every  day,  from  customer-facing  applications  all 
the  way  to  the  factory  floor.  With  the  proliferation  of 
mobile  and  wireless  applications,  devices  and  services, 
how  can  you  keep  your  enterprise  on  the  cutting  edge? 
How  can  you  find  today's  most  promising  mobile  and 


wireless  technologies?  And  how  can  you  learn  how  other  companies  and  industries 
apply  the  latest  and  greatest  mobile  and  wireless  tools? 

At  Mobile  &  Wireless  World,  you  will: 


Hear,  discuss  and  witness  winning  mobile  and  wireless 
strategies  in  the  enterprise 

Gain  first-hand  knowledge  that  can  enhance  your  own 
company’s  mobile  and  wireless  strategy 

Examine  the  industry’s  major  issues  and  challenges 

See  developing  technologies 

Network  with  peers 

Meet  potential  partners 

Converge  with  analysts  and  press 

Take  home  practical  tips  and  knowledge  of 
technologies  you  can  implement  right  away 


Visionary  &  Featured  Speakers 


Dan  Gillmor 

Technology  Columnist 
San  Jose  Mercury  News 


Dan  Gillmor  is  technology  columnist  for  the  San  Jose 
Mercury  News,  Silicon  valley's  daily  newspaper.  He  also 
writes  a  daily  Web-based  column  for  SiliconValley.com,  a 
KnightRidder.com  site  that  is  an  online  affiliate  of  the 
Mercury  News.  His  column  runs  in  many  other  U.S.  newspa¬ 
pers,  and  he  appears  regularly  on  radio  and  television,  He 
has  been  consistently  listed  by  industry  publications  as 
among  the  most  influential  journalists  in  his  field. 


Ken  Pasley 

VP 

FedEx  Internet  Technology 


Ken  Pasley  provides  leadership  for  the  FedEx  Express 
worldwide  wireless  and  mobile  architecture.  In  this  position, 
he  oversees  strategy,  engineering,  and  development  of  wire¬ 
less  technology,  including  FedEx  PowerPad,  FedEx  Private 
Network  and  Bluetooth  implementation. 


Roger  Gurnani 

VP  &  CIO 

Verizon  Wireless 


As  CIO,  Roger  Gurnani  is  responsible  for  the  information 
systems  portfolio  development  and  operation  of  data  cen¬ 
ters  and  communications  facilities  for  the  nation's  largest 
wireless  voice  and  data  network,  which  serves  36  million 
customers. 


the  only  place  I’ve  been 
where  I  can  meet  other  people 
responsible  for  the  technology 
I’m  implementing  ...” 

|_oe  Colaw 
CIO 

Pacific  University 


“...  provides  more  information  than 
other  events  ...  a  chance  to  talk 
with  and  hear  from  other  users  ... 
specific  information  I  need  to 
help  me  make  decisions  today  ..." 

Bob  McCool 
R&D  Advisor 
FedEx 


“...  I  learn  what  the  industry 
experts  see  as  trends  that  I 
should  consider  in  my  future 
purchasing  plans  ...” 


Mike  Taylor 
CIO 

Todd  Pacific  Shipyards 


For  more  information  and  to  register,  visit  WWW.fi 
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CONFERENCE  AGENDA 


(subject  to  change) 


For  details,  updates,  and  to  register  visit  www.mwwusa.com/mcwt 


MONDAY,  MAY  24 

12:00pm 

Pre-Conference  Golf  Outing 

1:15pm 

Concurrent  Industry  Pipelines  and  Technology  Workshop: 

1 :15pm  -  Industry  Pipelines 

3:30pm  -  Technology  Workshop 

7:00pm 

Welcome  Reception 

TUESDAY,  MAY  25 

7:00am 

Buffet  Breakfast 

8:00am 

Welcome  and  Opening  Remarks 

8:15am 

Opening  Keynote  Presentation 

9:00am  -  Noon 

General  Sessions 

Noon 

Luncheon  and  Special  Presentation 

1 :30pm  -  3:30pm 

General  Sessions 

3:30pm  -  5:00pm 

Concurrent  Breakout  Sessions 

5:30pm 

Solutions  Showcase  &  Expo  with  Buffet  Dinner 

WEDNESDAY,  MAY  26 


7:00am 

8:00am 

8:15am 

9:00am  -  12:15pm 
12:15pm 

1 :30pm  -  5:00pm 
5:30pm 


Buffet  Breakfast 
Opening  Remarks 
Opening  Keynote  Presentation 
General  Sessions 

Solutions  Showcase  &  Expo  with  Buffet  Lunch 
General  Sessions 
Gala  Evening 


THURSDAY,  MAY  27 

7:30am  Buffet  Breakfast 

8:30am  Analyst  Updates 

1 1 :30am  Conference  Concludes 
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Travel  Services  and  Accommodations 


IDG  Travel  is  the  official  travel  company  for 
They  are  your  one-stop  shop  for  exclusive 
discounted  rates  on  hotel  accommodations. 

To  reserve  your  accommodations: 
visit  www.etcentral.com  OR 


Mobile  &  Wireless  World. 


*IDG 

TRAVEL  SERVICES 


call  1-800-340-2262  (or  1-508-820-8686) 


Pre-Conference 
Golf  Outing 

Complimentary  for  Registered  IT  End-Users 

The  Pre-Conference  Golf  Outing  at  The  Palms 
Course,  located  at  the  JW  Marriott  Desert  Springs 
Resort,  is  complimentary  ($165  value)  for  registered 
IT  End-Users.  (Other  participants,  including  sponsors 
and  vendors,  may  play  on  an  “as  available"  basis  and  are 
responsible  for  all  applicable  golf  outing  expenses.) 


For  details:  contact  Chris  Leger  at  1  -508-820-8277 


The  JW  Marriott 
Desert  Springs  Resort 
in  Palm  Desert, 
California 


“...  information  and  contacts 
gathered  ...  play  into  the 
decision  we  make  on  our  future 
products  and  strategy ...” 

Tom  Dillon 

Manager,  Mobile  &  Wireless 


Hilton  Hotels 


“...  brings  IT  together  -  from  both 
the  vendor  and  user  community 
-  for  an  exchange  that  leads  to 
the  introduction  of  new  and 
better  technologies ..." 

Ken  Newman 
Director  &  Risk  Manager 


Deutsche  Bank 


“...  enables  me  to  understand 
what’s  going  on  and  what 
will  go  on  in  the  future  ..." 

Ken  Venner 
CIO 

Broadcom 
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Registration  questions?  Please  call  1  -800-883-9090  or  Email:  mwwreg@computerworld.com 

Visit  our  website  at:  www.mwwusa.com/mcwt 


CODE:  MCWT 


OPTIONS: 

All  dollar  amounts  are  in  U.S.  funds;  registrations  include  full  access  to 
all  sessions,  the  Expo,  meals  and  receptions.  Transportation  and  hotel 
accommodations  are  your  responsibility  and  can  be  reserved  by  visiting 
www.etcentral.com,  calling  1  -800-340-2262,  or  emailing  eventhousmg@idg.com 

Earlybird 

Registration 

:  (through  April  1 7, 2004) 

i  Pre-Conference 

1  Registration 

j  (April  1 7  through  May  1 7, 2004) 

Full/On-Site 
!  Registration 

j  (on  or  after  May  1 7, 2004) 

IT  End-User:* 

□  $995 

□  $1,295 

□  $1,495 

Non-Sponsoring  Vendor:** 

□  $5,000 

□  $5,000 

□  $5,000 

IT  End-Users  are  defined  as  those  who  are  attending  Computerworld's  Mobile  &  Wireless  World  with  an  intent  (and  an  IT  spending  budget)  to  potentially  buy/lease  hard¬ 
ware/software/services,  etc.  from  our  conference  sponsors  and  exhibitors,  and  are  themselves  not  a  mobile  &  wireless  industry  vendor  organization.  As  such,  account  rep¬ 
resentatives,  business  development  personnel,  analysts,  and  anyone  else  attending  who  does  not  have  IT  purchasing  influence  within  their  organization  are  excluded  from 
the  "IT  End-User"  designation.  Interpretation  and  enforcement  of  this  policy  are  at  the  sole  discretion  of  Computerworld.  Please  call  1  -800-883-9090  with  questions. 


Reserve  your  accommodations  at: 
www.etcentral.com  or  call: 
1-800-340-2262  or 
Email:  eventhousing@idg.com 


Vendors  are  encouraged  to  participate  in  Computerworld's  Mobile  &  Wireless  World  through  sponsorship.  (Details  are  available  by  calling  Leo  Leger  at  1  -508-820-8212.) 
Alternatively,  vendors  and  other  "non-IT  end-user"  professionals  as  defined  by  Computerworld,  may  apply  for  registration  at  the  "non-sponsoring  vendor"  rate.  Determination  of  what  con¬ 
stitutes  a  "non -sponsoring  vendor"  registration  is  at  the  sole  discretion  of  Computerworld. 


Registration  Information:  (This  section  must  be  completed  in  order  to  process  your  application) 


First  Name: _ 

Title: _ 

Street  Address: 
City: _ 


Middle  Initial: _  Last  Name: _ 

_ Company: _ 

_  Suite,  Apt.,  etc.:  _ 

_  State/Prov:  _  Zip/Postal  Code: 


Country: _  Phone  Number: _ Extension: 

Fax  Number: _ E-Mail  Address: _ 

Corporate/Business  Website: _ □  Special  Services  Required?  (Please  attach  written  description) 

Would  you  like  to  receive  information  about  the  golf  outing  on  Monday,  May  24th?  □  Yes  □  No 


Attendee  Profile!  (This  section  must  be  completed  in  order  to  process  your  application) 


Your  business/industry: 

□  Transportation  /  Utilities/Energy 

□  Mining  /  Oil  /  Gas 

□  Non-Profit  /  Trade  Association 

□  Media  /  Publishing 

□  Banking 

□  Finance 

□  Accounting 

□  Insurance 

□  Real  Estate 

□  Telecommunications 

□  Wholesale  /  Retail  (non-computer) 

□  Computer  Service  Provider 

□  Advertising  /  Marketing  /  Public  Relations 

□  Entertainment 

□  Education 

□  Food  Industry 

□  Government  /  Military 

□  Healthcare  /  Medical  Services 

□  Travel  /Hospitality  /  Recreation 

□  Manufacturing  (non-IT) 

□  Automobile 

□  Computers,  Communications  or  Peripheral  Equipment 
or  Software  Manufacturing 

□  Agriculture  /  Forestry  /  Fisheries 

□  Other 

Your  job  title/function: 

□  CEO/COO/Chairman/President 

□  CIO/CTO 

□  VP/GM/Director 

□  IS/IT  Director/Manager 

□  Other  IS/IT  Department  Manager/Supervisor 

□  Other  Corporate/Business  Manager 

□  Corporate/Business  Staff 

□  Consultant  (Internal)  or  Other 


Number  of  employees  in  your  entire  organization 
(ALL  locations): 

□  Over  10,000 

□  5,000  -  9,999 

□  1,000  -  4,999 

□  500  -  999 

□  Under  500 


What  is  the  estimated  annual  revenue  of  your  entire 
organization?: 

□  Over  $10  Billion 

□  $1  Billion  -  $9.9  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million  -  $499  Million 

□  Under  $100  Million 

Your  organization’s  annual  IT/IS  budget  for  all  ST/IS 
products: 

□  Over  $1  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million  -  $499  Million 

□  $10  Million  -  $99  Million 

□  $1  Million  -  $9.9  Million 

□  Under  $1  Million 

What  is  Your  Organization’s  Primary  Mobile  &  Wireless 
Desktop,  Notebook,  or  Tablet  PC  Provider? 

□  Acer 

□  Apple 

□  Dell 

□  Fujitsu 

□  Gateway 

□  Hewlett-Packard  /  Compaq 

□  IBM 

□  Sharp 

□  Sony 

□  Toshiba 


Payment  Method 

□  Check  Enclosed  (checks  must  be  received  by  May  3,  2004  payable  to 
Computerworld)  Mail  to:  Computerworld,  Attn:  Pam  Malingowski, 
500  Old  Connecticut  Path,  Framingham,  MA  01701 

□  American  Express  □  VISA  □  MasterCard 
Account  Number: 


Expiration  Date: _ 

Card  Holder  Name: 


Signature  of  Card  Holder: 


Cancellation  Policy 

In  the  event  of  cancellation,  the  registrant  has  three  options 
(all  of  which  require  written  notification): 

1 )  He  or  she  may  substitute  another  attendee  for  this  conference. 

2)  He  or  she  may  transfer  this  registration  to  the  next 
Mobile  &  Wireless  World  Conference. 

3)  The  registration  fee  will  be  refunded,  less  $250  service  charge, 
if  written  notice  is  received  by  May  3,  2004. 

Please  send  cancellation  requests  via  email  to:  mwwreg@computerworld.com 


Computerworld  reserves  the  right  to  limit 
and/or  refuse  any  registration  for  any  reason. 


Please  fax  this  completed  application  to  508-820-8254 


www.computerworld.com 


is  a  heavy  SAP  user  and  now  they  see  SAP  has  a  strong 
portal  offering,  do  they  migrate  [all  their  portals]  to 
SAP?”  Torbey  says  many  TandemSeven  clients  face  a 
similar  decision  if  their  company  is  heavily  invested  in 
IBM,  PeopleSoft  Inc.,  Oracle  Corp.  or  Microsoft 
Corp.  applications. 

Ellis  says  Wells  Fargo’s  investment  in  BEA  Systems 
Inc.’s  enterprise  software  played  a  major  role  in  the 
San  Francisco-based  company’s  decision  to  use 
BEA’s  WebLogic  Portal  to  create  a  consolidated  por¬ 
tal  for  employees.  “We  already  used  BEA  for  applica¬ 
tion  servers,  and  that  connection  was  important  be¬ 
cause  it  simplified  pulling  data  and  workflow  out  of 
[existing  applications],”  he  says. 

A  few  years  ago,  businesses  seeking  to  implement 
portals  were  likely  to  perform  a  “runoff”  among  lead¬ 
ing  portal-software  specialists.  Today,  Torbey  says, 
the  choice  is  different:  A  large  company  is  likely  to 
be  a  customer  of  at  least  a  few  vendors  that  now  of¬ 
fer  portal  tools,  so  the  question  is,  which  one  does 
the  company  migrate  to? 

If  that  seems  like  an  easier  choice,  think  again.  In 
late  2001,  Whirlpool  Corp.  in  Benton  Harbor,  Mich., 
decided  to  streamline  its  portals  picture. 

“We  had  a  lot  of  Web  sites  that  people  called  por¬ 
tals  —  less  than  50  —  but  we  were  headed  down  that 
[proliferation]  path,”  says  Gil  Urban,  Whirlpool’s  in¬ 
formation  systems  director.  Various  Whirlpool  facto¬ 
ries,  regional  offices  and  business  units  had  each 
thrown  together  Web  sites  or  portals. 

Initially,  the  manufacturing  giant  leaned  toward 
Plumtree’s  portal  software,  which  Urban  describes  as 
“the  leader  at  the  time.”  But  Whirlpool’s  goals  ex¬ 
panded  when  the  company  decided  to  develop  a  por¬ 
tal  for  all  15,000  of  its  employees.  “We’re  a  heavy  IBM 
user  with  lots  of  IBM  infrastructure,”  Urban  says.  As 
a  result,  Whirlpool  opted  to  use  IBM’s  WebSphere 
Portal,  even  though  he  thought  some  competitors’ 
products  were  superior  at  the  time. 

“In  2001,  it  was  a  good  product,  but  not  best  in 
class,”  Urban  says.  “But  we  thought  that  in  the  future 
it  would  be  the  best,  and  now  it  is.” 

Here’s  where  things  get  complicated,  though,  not 
just  for  Whirlpool  but  potentially  for  other  large 
businesses:  The  manufacturer  is  also  a  major  user  of 
SAP  enterprise  applications.  When  Whirlpool  select¬ 
ed  IBM,  SAP’s  NetWeaver  portal  product  wasn’t  yet 
available.  Now  that  it  is,  Whirlpool  is  implementing  a 
split  strategy  that  will  tack  an  SAP  front  end  onto 
WebSphere  Portal  for  the  2,000  or  so  employees  ac¬ 
customed  to  working  with  SAP.  “Those  2,000  will 
have  an  SAP  interface  to  the  operational  side,”  Urban 
says.  “But  for  standard  employee  services,  they’ll  be 
on  MyWhirlpool,”  the  company’s  IBM-based  portal. 

Content  Management 

When  companies  start  to  consolidate  portals,  one  of 
the  big  headaches  they  run  into  is  scattershot  con¬ 
tent  updating.  Depending  on  the  enthusiasm  and  ex¬ 
pertise  of  employees,  some  departments  diligently 
update  their  portals  or  Web  pages  —  while  others 
may  lag  behind  by  months  or  even  years. 

That  was  the  case  when  the  nation  of  Bermuda  un¬ 
dertook  a  project  to  convert  its  38  departmental  por¬ 
tals  and  Web  sites  into  a  single  portal  that  would 
serve  citizens,  businesses,  tourists  and  government 
workers.  Bermuda’s  government  considered  more 
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Most  leading  software  vendors  offer  a  portal  product 
as  a  component  of  their  enterprise  suites.  In  addition,  por¬ 
tal  specialists  Plumtree  and  Vignette  remain  market  forces. 

VENDOR 

PORTAL  PRODUCT 

BEA  Systems 

(www.bea.com) 

BEA  WebLogic  Portal 

IBM 

(www.ibm.com) 

IBM  WebSphere  Portal 
Version  5 

Microsoft 

(www.microsoft.com) 

SharePoint  Portal 

Server  2003 

Oracle 

(www.oracle.com) 

Oracle  Portal 

PeopleSoft 

(www.peoplesoft.com) 

PeopleSoft 

Enterprise  Portal 

Plumtree  Software 
(www.plumtree.com) 

Plumtree  Corporate 

Portal 

SAP 

(www.sap.com) 

SAP  Enterprise  Portal 

Sun  Microsystems  Inc. 
(www.sun.com) 

Sun  Java  System 

Portal  Server 

Vignette 

(www.vignette.com) 

Vignette  Application 

Portal  V7 

than  a  dozen  vendors  before  settling  on  Plumtree. 
According  to  Nigel  Hickson,  Bermuda’s  e-commerce 
chief,  content  management  and  related  workflow 
were  key  Plumtree  differentiators. 

Bermuda  plans  to  designate  a  content  maintainer 
in  each  government  agency,  then  train  agency  work¬ 
ers  to  fill  out  templates  provided  in  Plumtree  Con¬ 
tent  Server.  IT  has  created  standardized  portlet  tem¬ 
plates  so  content  maintainers  don’t  have  to  worry 


about  issues  such  as  formatting.  For  example,  when 
an  e-mail  address  or  phone  number  changes,  the 
maintainer  simply  calls  up  a  “Contact  Us”  portlet, 
keys  in  the  new  data  and  saves. 

Like  many  other  organizations,  Bermuda’s  govern¬ 
ment  early  on  decided  to  blow  up  its  existing  portals 
and  Web  sites  and  rebuild  from  scratch.  Hickson  says 
that  in  the  long  run,  this  involved  less  work  and 
made  for  a  cleaner  final  product  than  would  have 
been  possible  through  integration. 

What  happens  next  varies  by  agency  —  that’s 
the  flexibility  Hickson  likes.  “In  the  Department  of 
E-commerce,  it’s  just  me,”  he  says.  “So  the  approval 
process,  such  as  it  is,  consists  of  me  checking  my 
spelling.”  In  a  larger  agency  with  a  more  defined 
workflow,  the  people  who  need  to  sign  off  on  a 
change  are  automatically  notified  that  the  content 
maintainer  has  made  one. 

Getting  a  grasp  on  the  myriad  Web,  intranet  and 
portal  sites  that  most  businesses  have  is  a  task  more 
and  more  IT  managers  are  facing.  But  much  of  the 
work  is  just  a  matter  of  excising  unneeded  content  — 
Ellis  says  Wells  Fargo  turned  10,000  pages  of  content 
into  2,000  —  and  a  variety  of  applications  automate 
significant  parts  of  the  process. 

The  taxonomy  products  offered  by  portal  vendors 
can  help  with  this  consolidation.  Taxonomy  tools  use 
Web  services  to  scan  other  data  sources,  such  as  Web 
pages,  for  new  or  deleted  content,  thus  automatically 
updating  an  enterprise  portal  directory.  Without 
such  a  directory,  the  applications  and  content  in  the 
portal  can  result  in  sprawl. 

Wells  Fargo  uses  BEA’s  taxonomy  tools  to  ensure 
that  data  from  outside  sources  remains  pertinent  and 
up  to  date,  Ellis  says.  And  delivering  fresh,  useful  in¬ 
formation  is  the  goal  of  any  portal  project.  ©  46449 


Ulfelder  is  a  Computerworld  contributing  writer 
in  Southboro,  Mass.  He  can  be  reached  at 
sulfelder@charter.net. 


Setting  the 

Two  evolving  standards  could  help  make  portal  consolida¬ 
tion  easier  for  companies  by  letting  developers  write  inter¬ 
changeable  components,  called  portlets,  in  any  language 
and  environment  they  choose: 

■  Web  Services  Remote  Portlet  (WSRP).  This  standard 
was  approved  last  September  by  OASIS,  the  Organization 
for  the  Advancement  of  Structured  Information  Standards. 

The  idea  is  to  allow  portals  to  use  Web  services  technol¬ 
ogy  to  invoke  various  content  sources.  WSRP  backers  say 
widespread  adoption  of  the  standard  will  free  enterprises 
of  the  need  to  either  host  a  content  source  at  the  location 
of  the  portal  server  or  to  write  new  code  for  each  remote 
content  source.  Instead,  developers  would  write  portlets  in 
the  environment  of  their  choosing. 

WSRP  enjoys  the  support  of  virtually  every  vendor  in 
the  portal  arena. 

■  JSR 168.  This  specification  is  intended  to  enable  inter¬ 
operability  between  portlets  and  portals.  The  name  refers 
to  the  number  of  the  Java  Specification  Request  created 
by  the  Java  Community  Process,  a  group  of  Java  develop- 


Standards 

ers  and  licensees.  JSR  168  will  define  a  set  of  application 
programming  interfaces  for  portals,  addressing  aggrega¬ 
tion,  personalization,  presentation  and  security. 

So  far,  the  standards  have  received  mixed  reviews. 

“There’s  certainly  a  market  need  for  standards  in  this  field, 
because  portal  deployments  are  expensive  and  require 
specialized  skills,"  says  Ray  Valdes,  an  analyst  at  Stam¬ 
ford,  Conn.-based  Gartner. 

However,  Valdes  describes  the  first  versions  of  WSRP 
and  JSR  168  as  “underpowered.”  He  adds,  “It's  not  quite 
accurate  to  say  they  were  too  little,  too  late  -  but  they  look 
a  long  time  to  arrive  and  weren’t  as  valuable  as  people  had 
been  hoping." 

However,  OASIS  and  the  Java  Community  Process 
are  already  working  on  stouter  versions  of  WSRP  and 
JSR  168.  And  because  each  standard  enjoys  unusually  H 
broad  vendor  support,  they  are  expected  to  take  hold  in 
the  next  18  months  and  make  it  significantly  easier  for  IT 
organizations  to  write  portal  components. 

~  Steve  Ulfelder 
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Robert  lang,  a  laser 
physicist  and  origami 
artist  for  more  than 
30  years,  continues  to 
be  amazed  at  the  po¬ 
tential  applications  of  the  cen¬ 
turies-old  art  of  paper  folding. 
“You  would  think  that  there  is 
not  much  you  can  do  with 
origami  as  an  art  form  that  has 
not  been  already  fig¬ 
ured  out,”  he  says. 

But,  Lang  adds, 
origami  artists  contin¬ 
ue  to  “demonstrate 


FUTURE 

WATCH® 


new  structures  and  realize 
new  levels  of  beauty,”  a  state¬ 
ment  well  supported  by  his 
own  origami  renderings  of 
subjects  such  as  cows,  fish, 
blue  herons  and  owls. 

Origami  was  purely  a  hobby 
for  Lang  until  he  decided  to 


apply  the  kind  of  mathematical 
modeling  he  used  in  laser 
physics  to  paper  folding. 

Lang,  who  is  based  in 
Alamo,  Calif.,  now  considers 
himself  a  full-time  artist.  He 
says  computational  origami 
helped  him  automate  the 
process  by  which  he  deter¬ 
mined  how  to  make  the  pre¬ 
cise  kinds  of  folds 
needed  to  produce  a 
multilegged  insect  and 
its  antennae. 

After  he  did  that,  he 


realized  that  the  theory  and 
equations  he  developed  to 
make  better  origami  figures 
could  also  be  applied  to  engi¬ 
neering  problems  in  which  a 
large  surface  needs  to  be  fold¬ 
ed  to  fit  into  a  flat  space  with¬ 
out  cutting. 


Today,  while  concentrating 
on  his  art,  Lang  also  works  as 
an  industrial  consultant,  ap¬ 
plying  his  computational 
origami  expertise  to  the  de¬ 
sign  of  a  range  of  products,  in¬ 
cluding  consumer  electronics 
and  medical  equipment. 

From  Birds  to  Air  Bags 

EASi  Engineering  GmbH  in 
Alzenau,  Germany,  asked  Lang 
to  help  determine  how  to 
squeeze  a  very  large  object  — 
an  automobile  air  bag  —  into  a 
tiny  compartment  inside  a 
steering  wheel.  Lang  had  al¬ 
ready  developed  algorithms  to 
flatten  a  set  of  polygons,  and 
he  applied  them  to  a  computer 
simulation  of  how  to  flatten 
the  3-D  polyhedron  shape  of 
an  inflated  air  bag.  This  proc¬ 
ess  saved  time  and  eliminated 
the  expensive  requirement  of 
crashing  real  cars  to  deter¬ 
mine  if  an  air-bag  design 
would  really  work,  Lang  says. 

The  air-bag  design  was 
based  on  an  algorithm  Lang 
calls  the  “universal  molecule,” 
which  flattens  a  set  of  poly¬ 
gons  so  their  edges  remain 
aligned  to  one  another. 

Lang  sees  a  definite  future 
for  computational  origami  in 
engineering  and  design  work, 
but  he  acknowledges  that  the 
field  is  relatively  esoteric  and 
requires  artistic  as  well  as 
computational,  mathematical 
and  engineering  skills. 

“You  have  to  be  able  to  fold 
paper”  before  proceeding  to 
computational  origami,  he  says. 

Lang  developed  software 
called  TreeMaker  that  runs  on 
Apple  Macintosh  computers 
and  helps  automate  origami 
design.  The  program,  which 


Lang  said  can  be  mastered  by 
a  high  school  student,  helps 
users  figure  out  how  to  fold  a 
square  into  a  number  shapes. 

A  user  outlines  a  figure  on  the 
TreeMaker  screen,  and  the 
software  determines  the  num¬ 
ber  of  flaps  required  to  make 
that  particular  shape. 

If  users  want  to  create  ad¬ 
vanced  designs  (such  as  that 
of  an  air  bag),  they  can  down¬ 
load  additional  algorithms 
from  the  Treemaker  Web  site 
( http://ongami.kvi.nl/ 
programs/treemaker/). 

But  Lang  says  only  100  or  so 
people  have  downloaded  the 
software,  and  only  about  five 
or  10  are  using  it,  another  indi¬ 
cation  that  the  field  of  compu¬ 
tational  origami  is  still  in  its 
early  stages. 

Bad  Folds 

Erik  Demaine,  a  22-year-old 
professor  of  electrical  engi¬ 
neering  and  computer  science 
at  MIT,  started  folding  paper 
at  age  6  and  developed  that 
hobby  into  the  study  of  the 
mathematics  of  folded  forms. 

Demaine  now  studies  folds 
in  proteins,  the  basic  building 
blocks  of  life.  He  believes  that 
computational  origami  could 
fight  diseases  that  are  current¬ 
ly  incurable,  such  as  mad  cow 
disease,  which  are  caused  by 
proteins  that  have  what  he 
calls  “bad  folds.” 

Demaine,  a  2003  winner  of  a 
MacArthur  Foundation  Fel¬ 
lowship  —  commonly  known 
as  “genius”  grant  —  calls  pro¬ 
tein  folding  his  “main  area  of 
interest”  and  says  he  plans  to 
apply  what  he  learned  from 
paper  folding  to  figure  out 
why  some  proteins  fold  into  a 


useful  shape  and  others  do 
not.  That  research  could  even¬ 
tually  lead  to  the  design  of 
custom  proteins  that  fight  dis¬ 
ease.  The  custom  proteins 
could  then  be  unleashed  to  de¬ 
stroy  “bad”  proteins. 

Ajay  Royyuru,  manager  of 
the  computational  center  at 
IBM  Research  in  Yorktown, 
N.Y.,  agrees  that  determining 
the  way  various  proteins  twist 
and  fold  could  help  provide 
cures  for  diseases  such  as 
Alzheimer’s  and  cystic  fibrosis. 

Computational  origami 
could  help  scientists  crack 
some  basic  secrets  of  protein 
structure  and  sequence,  Roy¬ 
yuru  says.  The  technology 
could  help  scientists  deter¬ 
mine  why  a  protein  falls  into  a 
specific  shape  “and  why  that 
shape  and  nothing  else.”  High¬ 
speed  computers  can  be  used 
to  develop  “fold  recognition” 
software  and  help  simulate 
folding  patterns,  Royyuru  says. 

But  determining  what  he 
refers  to  as  “correct”  and  “in¬ 
correct”  protein  folds  by  mod¬ 
eling  them  with  computation¬ 
al  origami  is  a  daunting  task, 
he  says,  requiring  computers 
two  to  three  times  more  pow¬ 
erful  than  the  most  powerful 
supercomputer  in  existence. 

That  power  can  be  deliv¬ 
ered  only  by  a  computer  oper¬ 
ating  at  a  quadrillion  opera¬ 
tions  per  second  (1  petaflop, 
or  1,000  teraflops),  and  IBM  is 
developing  such  a  computer 
as  part  of  its  Blue  Gene  proj¬ 
ect.  IBM  says  it  will  have  a 
machine  capable  of  360  tera¬ 
flops  by  2005,  but  Royyuru 
says  advancing  to  a  petaflop- 
speed  machine  will  be  “quite  a 
jump,”  and  he  can’t  predict 
when  a  computer  like  that  will 
be  available. 

Even  after  such  a  machine  is 
delivered,  it  could  still  take 
decades  to  unravel  the  myster¬ 
ies  of  protein  folds,  Royyuru 
says.  But  perhaps  that  effort 
will  be  aided  by  science  that 
harkens  back  to  techniques 
used  to  create  elegant  paper 
birds.  ©  46430 
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Computational  origami  goes  to  the  fair. 
Read  about  it  online: 
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A  server  engineered  to  deliver  on  both  sides  of  the  price/performance  equation 


The  HP  ProLiant  DL380  G3  gives  you  true  high  performance  at  a  truly  affordable  price,  while  our  Intel®  Xeon™ 

processor-powered  HP  ProLiant  DL380  G3  server  certainly  offers  blazing  performance,  the  engineers  behind  it  would  challenge  you  to  rethink  the  definition 
of  performance  entirely.  Consider,  for  example,  what  happens  when  you  need  to  add  a  storage  device  to  a  typical  server— the  server  must  be  powered 
down,  and  your  productivity  drops  to  zero.  This  fact  led  us  to  design  hot-pluggable  technology  on  the  DL380  that  allows  you  to  swap  out  a  number  of  key 
server  components,  including  the  reliable  and  efficient  HP  DAT  7 2h  tape  backup  solution  without  ever  interrupting  server  operation.  The  DL380  and  DAT  72h 
also  feature  space-saving  designs,  and  server  management  is  easy  yet  robust  thanks  to  our  ProLiant  Essentials  Software.  Demand  more  uptime  and  more  real 
performance  from  a  server.  And  demand  more  value,  from  HR 


HP  ProLiant  DL380 

G3  SERVER 

$3,018 

One  Intel®  Xeon™  processor  3.06GHz  with 
512KB  cache  (upgradable  to  2  x  3.20GHz) 

1GB  PC2100DDR  SDRAM  (12GB  maximum)* 

Integrated  Lights-Out  (iLO) 
management  (standard) 

ServerWorks  GC-LE  Chipset 
Integrated  Smart  Array  5i  Plus  Controller 
Three  available  PCI-X  slots  (2  hot  pluggable) 
Two  NC7781  PCI-X  Gigabit  NICs  (embedded) 


Enhance  your  system. 


HP  STORAGEWORKS  DAT  72h 

HOT-PLUG  TAPE  DRIVE 

~  Industry-standard  DDS  technology 

—  Up  to  36GB  native  capacity  on  a  single 
tape,  72GB  at  2:1  compression^ 

-  HP  StorageWorks  One-Button  Disaster 
Recovery  (OBDR)  restores  your  entire 
system  at  the  touch  of  a  button 

“  Up  to  3MB/s  native  data  transfer  rate, 
6MB/s  with  2:1  compression 

$1,349 

(after  $150  instant  savings) 


*HP  StorageWorks  DAT  72h  offer  good  through  5/31/04. 


invent 


BUY  NOW 

Click  www.hp.com/go/proliantesg2 

Call  Toll  Free 

n—wri  i  wit 

1-888-367-1949 
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Reductions  taken  at  time  of  purchase,  *HP  StorageWorks  DAT  72h  hot-plug  tape  drive  offer  ends  5/31/04.  Other  restrictions  may  apply.  Prices  shown  are  HP  direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change 
and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient's  address.  Limited  order  quantities.  Offers  cannot  be  combined  with  any  other  offer  or  discount  and  are  good  while  supplies  last.  Promotions  void  where  prohibited  or 
restricted  by  law.  HP  reserves  the  right  to  modify  or  withdraw  these  promotions  at  any  time.  HPFSC  reserves  the  right  to  change  or  cancel  this  program  at  any  time  without  notice,  'For  hard  drives,  GB=billion  bytes.  All  featured  offers 
available  in  U.S.  only.  Intel,  Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  U.S.  and  other  countries.  ©2004  Hewlett-Packard  Development  Company,  L.P. 
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Security  Policy 
A  Paper  Tiger 

Ignored  security  policies  result  in  problems 
ranging  from  rogue  access  points  to  inade¬ 
quate  incident  response.  By  Mathias  Thurman 


I  FACED  TWO  ISSUES  this 
week,  and  both  came  about 
as  a  result  of  security  poli¬ 
cies  that  have  been  rou¬ 
tinely  ignored.  The  first  had 
to  do  with  our  wireless  LAN 
infrastructure. 

Although  I  work  out  of  the 
main  data  center,  I  frequently 
travel  to  the  corporate  head¬ 
quarters  campus.  On  those  oc¬ 
casions,  I  often  use  my  iPaq 
Pocket  PC  and  AirMagnet 
Inc.’s  software  to  scan 
for  rogue  access 
points  on  the  WLAN. 

The  installation  of 
unauthorized  APs  has 
been  a  continuing 
problem,  so  when  I 
detected  one  the  oth¬ 
er  day,  I  wasn’t  surprised. 

This  AP  registered  a  signal 
strength  of  about  70%  — 
strong  enough  to  lead  me  to 
believe  that  it  wasn’t  transmit¬ 
ting  from  outside  of  my  com¬ 
pany’s  offices.  Indeed,  I  was 
able  to  associate  to  the  AP, 
open  a  browser  window  and 
get  to  the  corporate  intranet. 
The  device  had  no  encryption 
enabled,  it  was  broadcasting 
the  Service  Set  Identifier 
code,  and  the  AP  gave  my  de¬ 
vice  an  IP  address  that  wasn’t 
within  our  corporate  address 
range. 

I  called  the  network  engi¬ 
neering  group  and  gave  it  my 
device’s  media  access  control 
address  and  location,  thinking 
that  they  could  log  into  the 
switch  that  was  serving  the  lo¬ 
cation,  look  up  my  MAC  ad¬ 
dress,  identify  the  port  and 
trace  it  to  a  specific  wall  jack. 
In  the  past,  I’ve  successfully 
identified  rogue  APs  in  this 
manner. 

However,  in  this  instance, 
the  group  wasn’t  able  to  find 
my  MAC  address.  I  even  had 


the  network  engineer  check 
some  nearby  switches,  but  no 
luck.  Then  I  tried  using  Air- 
Magnet’s  Find  utility,  which 
works  as  a  signal-strength  me¬ 
ter  to  help  locate  the  AP.  I’ve 
gotten  close  in  the  past  using 
this  method,  but  it  still  re¬ 
quires  that  I  peek  into  employ¬ 
ee  offices,  conference  rooms, 
break  areas  and  so  on,  to  visu¬ 
ally  locate  the  AP.  In  the 
process,  employees  have  got¬ 
ten  upset  with  me 
and  started  com¬ 
plaining. 

This  time,  how¬ 
ever,  it  worked  like 
a  charm.  I  could 
see  the  AP  sitting 
right  on  top  of  an 
employee’s  monitor. 

The  device  was  a  WLAN 
router,  which  explains  why  my 
MAC  address  didn’t  show  up 
on  the  switch  port.  Because 
this  AP  functioned  as  a  router, 
not  a  hub,  the  MAC  address 
wouldn’t  have  registered  on 
the  switch.  The  employee 
wasn’t  in,  so  I  had  the  facilities 
department  open  his  office.  I 
then  unplugged  the  AP  and 
left  a  note  indicating  why  I 
had  disconnected  it. 

Later,  the  employee  said  he 


The  installation  of 
unauthorized  APs 
has  been  a  continu¬ 
ing  problem,  so 
when  I  detected  one 
the  other  day, 

I  wasn’t  surprised. 


had  installed  the  AP  because 
his  boss  “said  it  would  be  OK.” 
Neither  of  them  had  read  the 
network  access  policy  on  our 
intranet,  which  prohibits 
unauthorized  network-access 
devices  from  being  attached  to 
the  corporate  network.  Appar¬ 
ently,  our  policy  awareness 
training  still  isn’t  working.  I 
sent  him  a  note  with  a  Web 
link  to  the  policy. 

Something  in  Common 

A  few  weeks  back,  in  the  after- 
math  of  a  SQL  Slammer  out¬ 
break,  a  manager  proposed 
that  my  small  group  take 
on  incident-handling  and  re¬ 
mediation  issues  —  a  task  that 
other  departments  take  care 
of  today  and  that  we’re  not 
equipped  to  do  [QuickLink 
46060]. 

I  researched  how  we  can  do 
a  better  job  and  discovered 
that  IT  security  isn’t  the  only 
group  with  a  written  incident¬ 
handling  policy.  The  data  cen¬ 
ter  operations  group  has  its 
own,  20-page  guide,  and  the 
networking  group  has  some¬ 
thing  similar.  Each  contains 
relevant  information  with  re¬ 
spect  to  incident-handling 
best  practices,  but  each  is  de¬ 
partment-specific.  What’s 
even  more  disturbing,  how¬ 
ever,  is  that  no  one  uses  these 
documents.  They  just  sit  in  a 
binder  on  a  bookshelf  or  in 
electronic  form  in  a  shared 
disk  space  available  only  to 
members  of  each  department. 

To  rectify  that,  I  wrote  a 
single-page  incident-protocol 
document  that  outlines  the 
main  steps  all  departments 
should  take  when  responding 
to  an  incident.  My  goal  was  to 
create  something  that  could 
be  printed  on  a  small  refer¬ 
ence  card  and  placed  next  to 
the  telephone  contact  list,  se¬ 
curity  badge  and  SecurlD  to¬ 
ken  that  most  operations  em¬ 
ployees  carry  around.  I  fo¬ 
cused  on  four  areas:  prepara¬ 
tion,  identification,  response 
and  containment. 

Preparation  deals  with 
knowing  whom  to  call  when 
an  incident  occurs.  Identifica¬ 
tion  addresses  how  to  identify 
and  classify  an  event  to  avoid 
false  positives.  Response  dic¬ 
tates  the  actions  to  take  when 
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an  incident  has  occurred,  and 
containment  deals  with  how 
to  keep  the  incident  from 
doing  more  damage  or  contin¬ 
uing  to  affect  the  network. 

For  example,  containment 
might  involve  disabling  a 
switch  port  or  implementing 
access  control  lists  on  a  router. 
I  want  the  reference  card  to 
help  workers  become  more  ef¬ 
ficient  at  handling  incidents  in 
a  timely  manner.  Eventually, 
we’ll  create  a  formal  crisis- 
action  team  and  run  simula¬ 
tions  for  training. 

Although  we’re  getting  bet¬ 
ter  at  responding  to  incidents, 
common  problems  arise.  One 
is  that  no  one  wants  to  take 
charge.  There  are  always  lots 
of  managers,  directors,  engi¬ 
neers  and  analysts  standing 
around  the  operations  center, 
looking  at  logs,  e-mail  and 
other  tools  and  forming  opin¬ 
ions.  But  no  one  is  calling  the 
shots.  Eventually,  someone 
steps  up  to  the  plate. 

Another  problem  is  that 
there  is  always  confusion  as  to 
who  should  conduct  certain 
activities.  For  example,  a  com¬ 
mon  and  easy  way  to  identify 
a  Windows  resource  on  an  en¬ 
terprise  network  is  to  enter 
the  nbtstat-A  command.  In 
our  desktop  and  production 
server  environment,  this  com¬ 
mand  will  typically  identify 
the  user  or  system  name  of  the 
machine. 

For  some  reason,  there’s  al¬ 
ways  a  question  regarding 
who  should  issue  the  com¬ 
mand.  I  don’t  quite  under¬ 
stand  why,  as  it’s  a  task  that 
takes  only  a  few  seconds  to 
complete.  Hopefully,  by  creat¬ 
ing  a  common  incident- 
response  protocol  and  ensur¬ 
ing  that  everyone  is  on  the 
same  page,  our  responses  to  all 
events  will  become  standard¬ 
ized,  and  incident  manage¬ 
ment  will  become  a  routine 
aspect  of  doing  business.  0 

WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real  securi¬ 
ty  manager.  “Mathias  Thurman,"  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias, 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager’s  Journals,  go  online  to 

©  computerworld.com/secjournal 


Security  Bookshelf 

■  Digital  Evidence  and  Com¬ 
puter  Crime,  Second  Edition, 

by  Eoghan  Casey;  _ 

Academic  Press, 

2004. 


This  behemoth  of  a 


*°'g™-ev|dei\ice  • 

COMPUTER  CRIME- 


book  offers  more 
than  680  pages  of 
useful  information 
on  digital  forensics 
and  computer  crime. 

There’s  something 
for  everyone  -  law  enforce¬ 
ment  agencies  that  collect  and 
process  evidence,  forensic  an¬ 
alysts,  lawyers  and  other  infor¬ 
mation  security  professionals. 

The  author  starts  out  with  a 
good  overview  of  the  history, 
law  and  general  process  sur¬ 
rounding  forensics  and  com¬ 
puter  crime,  and  Casey  does  a 
great  job  making  difficult  con¬ 
cepts  easy  to  understand. 

Such  explanations  may  come 
in  handy  when  you’re  trying  to 
get  a  technical  point  across  to 
a  lawyer. 

The  most  interesting  sec¬ 
tions  deal  with  the  actual 
forensics  theory  and  method¬ 
ologies  for  the  operating  sys¬ 
tems  and  hardware  in  use  to¬ 
day.  The  tools  and  methodolo¬ 
gies  described  are  up  to  date 
and  relevant,  and  the  case 
studies  are  detailed  perfectly. 
This  book  is  a  great  reference 
for  any  security  professional 
facing  issues  in  this  area. 

-  Mathias  Thurman 

Top  Security 
Technologies 

Growth  in  IT  security  spending 
by  technology  (compound 
growth  rate,  2002-06): 


!  ? 


SOURCE:  SURVEY  OF  1,275  IT  SECUR 
PROFESSIONALS.  FEBRUARY  2004,  FOOTE 
PARTNERS  LLC.  NEW  CANAAN.  CONN. 


THE  RIGHT  PIECE 
BRINGS  IT  ALL 
TOGETHER. 

Imagine  giving 
your  applications 
optimal  performance 
on  blade  servers. 


Thanks  to  the  blade  server  platform,  you've 
reduced  everything — server  size,  space,  cables, 
management  overhead  and  most  importantly, 
costs.  But  then  you  realize  that  even  when 
consolidated,  the  new  server  platform  still  has 
to  meet  the  same  demands:  it  has  to  be  highly 
available,  secure,  scalable  and  completely 
reliable  in  its  performance. 

How  do  you  meet  those  demands  without 
sacrificing  all  you've  just  gained?  F5's  BIG-IP® 
Blade  Controller  software  provides  traffic 
management  that  virtualizes  and  load  balances 
the  blade  server  environment.  Now  you  can  pool 
blades  and  concentrate  their  power,  route  traffic 
to  those  that  are  performing  well,  and  manage 
them  as  a  single  entity.  And  with  BIG-IP  Blade 
Controller  loaded  directly  onto  blade  servers, 
you're  guaranteed  to  achieve  the  high 
availability  performance  it  takes  to  reliably 
deliver  applications. 

Give  your  imagination  free  reign  and  your 
bottom  line  room  to  grow. 

Visit  www.f5.com/bccw  to  learn  more  and 
experience  a  flash  demo.  Or  call  800-916-7185. 
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Voyence  Launches 
Networking  System 

Voyence  Inc.  last  week  an¬ 
nounced  its  Voyence  Guaranteed 
Success  software,  which  is  in¬ 
tended  for  configuration  manage¬ 
ment  of  heterogeneous  networks 
of  all  sizes.  Voyence  Guaranteed 
Success  must  run  with  the 
VoyenceControl  appliance  for  full 
network  design,  change  and  com¬ 
pliance  management  capabilities, 
according  to  the  Richardson, 
Texas-based  company.  Voyence 
Guaranteed  Success  starts  at 
$15,995  for  support  of  up  to  100 
devices  and  is  available  now.  That 
price  includes  the  VoyenceControl 
appliance,  as  well  as  training  and 
certification. 


Exact  Upgrades 
Collaboration  App 

Exact  Software  North  America 
announced  that  it  has  added  fea¬ 
tures  to  its  Exact  e-Synergy  Web- 
based  collaboration  application 
that  will  allow  users  to  perform 
portal-based  online  cataloging, 
order  entry  and  order  manage¬ 
ment  tasks.  The  new  features, 
called  Web  Shop,  are  designed  to 
integrate  with  e-Synergy  and  the 
company’s  Macola  Enterprise 
Suite,  which  automatically  re¬ 
ceives  and  processes  orders,  said 
Andover,  Mass.-based  Exact 
Software.  Web  Shop  is  available 
now  as  part  of  e-Synergy  and  is 
priced  at  about  $1,000  per  user. 


Apreo  Releases 
Enforcement  Tool 

Apreo  Inc.  has  launched  Work¬ 
station  PolicyShield,  an  applica¬ 
tion  that's  designed  to  manage 
and  enforce  appropriate  use  of 
files  and  software  by  workers. 
Workstation  PolicyShield  detects 
spyware,  peer-to-peer  programs, 
games  and  other  unapproved  files 
at  the  moment  they  are  written  to 
the  network,  rather  than  after 
they  are  installed,  said  the  New¬ 
port  Beach,  Calif.-based  enter¬ 
prise  software  vendor.  Pricing 
for  the  application  starts  at 
S945  for  100  users. 


NICHOLAS  PETRELEY 


living  Down  to  a 
Low  Standard 


I  RECENTLY  SPENT  the  better  part  of  a  week 
working  with  the  latest  version  of  the  open- 
source  GNOME  graphical  desktop  environment 
on  Linux. 

I’ve  decided  that  the  only  way  to  explain  the 
regression  of  GNOME  over  the  years  is  that  Microsoft 
and/or  SCO  moles  have  infiltrated  the  GNOME  leader¬ 
ship  in  a  covert  effort  to  destroy  any  possibility  that 
Linux  could  compete  with  Windows  on  the  desktop. 


To  paraphrase  the  hu¬ 
morist  Peter  Schickele, 
who  was  describing  what  it 
was  like  to  discover  a  new 
music  manuscript  by  the 
(fictional)  inept  composer 
P.D.Q.  Bach,  “Each  time  I 
get  a  new  version  of 
GNOME,  there’s  this  feel¬ 
ing  of  anticipation  and  ex¬ 
hilaration  —  a  feeling  that 
this  new  version  of 
GNOME  can’t  possibly 
turn  out  to  be  as  bad  as  the 
last  one.  But  so  far,  each  new  version 
lives  down  to  the  same  low  standards 
set  by  the  previous  one.” 

By  the  time  a  software  project  gets 
to  Version  2.6,  a  user  might  reasonably 
expect  that  he  wouldn’t  have  to  adapt 
to  yet  another  paradigm  shift  in  basic 
user-interface  design,  especially  when 
it  comes  to  something  as  fundamental 
as  how  you  navigate  through  desktop 
folders.  Yet  this  is  precisely  what  users 
will  have  to  relearn  with  this  latest 
version  of  GNOME. 

The  GNOME  file  manager,  Nautilus, 
no  longer  allows  users  to  navigate 
through  folders  as  one  might  use  a 
Web  browser  or  Windows  Explorer. 
You  no  longer  browse  with  all  your  op¬ 
tions  accessible  in  a  single  window  or 
a  split  window  with  a  directory  tree  on 
the  left  and  icons  on  the  right.  Instead, 


each  double-click  on  a 
folder  icon  opens  a  new 
window  on  the  screen.  If 
this  sounds  familiar,  it’s  be¬ 
cause  this  was  the  default 
behavior  of  Windows  95, 
OS/2  and  early  versions  of 
Mac  OS.  The  fact  that  this 
isn’t  the  default  behavior 
of  any  mature  desktop  op¬ 
erating  system  might  have 
served  as  a  warning  sign  to 
GNOME’s  developers,  but 
never  mind  that. 

Having  used  OS/2  for  years,  I  found 
GNOME’s  retro  approach  to  be  a 
rather  pleasantly  nostalgic  experience. 
But  now  that  I’m  used  to  navigating 
folders  the  way  one  does  on  virtually 
every  other  desktop,  however,  I  decid¬ 
ed  to  tell  the  file  manager  not  to  open 
a  new  window  for  every  folder.  But  it 
turns  out  there  is  no  preference  set¬ 
ting  that  tells  Nautilus  to  use  a  single 
window  to  browse  folders. 

The  only  way  to  change  the  default 
behavior  of  Nautilus  is  to  set  an  ob¬ 
scure  registry  key  via  the  command 
line  or  the  registry  editor.  Not  even 
that  abomination  of  operating  systems, 
Windows  95,  made  users  retreat  to  the 
registry  editor  to  use  a  single  window 
to  navigate  folders.  I  can  only  assume 
that  the  GNOME  developers  decided 
to  make  Nautilus  a  worse  Windows 
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than  Windows.  I  toast  their  rousing 
success. 

Granted,  there  are  myriad  unintu¬ 
itive  keystrokes  and  shift-key/mouse- 
click  operations  you  can  use  to  make  it 
easier  to  navigate  folders,  all  of  which 
will  mean  squat  to  the  daft  simpletons 
the  GNOME  developers  say  they  are 
targeting  as  their  users.  But  GNOME 
developers  have  long  since  abandoned 
logic  when  defending  their  design 
choices.  For  example,  one  GNOME  de¬ 
veloper  says  there’s  a  good  reason  why 
users  can’t  change  individual  colors  in 
desktop  themes:  Someone  might  acci¬ 
dentally  make  both  the  text  and  back¬ 
ground  white,  thus  rendering  the  text 
unreadable. 

Of  course,  this  flaw  has  nothing  to 
do  with  the  inflexibility  of  the  primi¬ 
tive  graphical  tool  kit  upon  which 
GNOME  was  based.  It  was  deliberate¬ 
ly  designed  to  protect  users  who  are 
invariably  too  incompetent  to  pick 
their  own  colors  but  are  smart  enough 
to  memorize  shift-clicks  and  key¬ 
strokes  or  edit  the  registry  to  get  Nau¬ 
tilus  to  work  the  way  they  like. 

Of  all  the  criticisms  one  might  lodge 
against  GNOME,  it’s  the  hypocrisy  of 
its  design  philosophy  that  looms 
largest.  GNOME  grew  out  of  the  de¬ 
sire  to  free  people  from  Microsoft’s 
ability  to  dictate  what  users  can  or 
can’t  do.  Yet  GNOME  is  built  on  the 
premise  that  its  developers  are  so 
much  wiser  than  users  when  it  comes 
to  navigating  folders  and  setting  colors 
that  GNOME  users  shouldn’t  have  a 
choice  in  the  matter.  With  an  attitude 
like  that,  heaven  help  us  if  GNOME 
turns  out  to  be  the  only  defense  Linux 
has  on  the  desktop  against  a  Microsoft 
hegemony.  ©  46629 
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Managing  IT  Risk  at  Delta 

Delta  Technologies  uses  a 
rigorous  but  simple  scorecard 
to  balance  the  risk  of  technology 
failure  against  the  costs  of 
upgrading.  Page  34 


Career  Watch 

Mary  Finlay,  deputy  CIO  at  Partners 
Healthcare,  talks  about  the  Regional 
Leadership  Forum  and  soft  skills. 
Plus,  tips  for  managing  conflict  in 
the  IT  workplace.  Page  36 
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OPINION 

Risk/Reward  Contracts: 

Laying  the  Foundations 

Bart  Perkins  explains  how  to  manage  this 
type  of  contract  to  maximize  the  rewards 
while  minimizing  the  risks.  Page  37 


UTURES,  surgical  instruments 
and  other  medical  supplies 
typically  account  for  a  hefty 
25%  of  a  hospital’s  operating 
budget.  Add  labor  and  logistics 
costs,  and  the  total  jumps  to 
35%  to  40%,  according  to  the  Health¬ 
care  Financial  Management  Associa¬ 
tion,  an  industry  professional  organiza¬ 
tion  in  Westchester,  Ill. 


Yet  compared  with  other  industries, 
like  high  tech,  auto  manufacturing  and 
consumer  packaged  goods,  health  care 
—  and  hospitals  in  particular  —  is 
downright  dinosaurian  when  it  comes 
to  deploying  IT  to  better  manage  the 
supply  chain. 

Experts  recite  a  litany  of  explana¬ 
tions,  including  drum-tight  budgets 
and  a  sort  of  institutionalized  accep¬ 


tance  of  labor-intensive  manual 
materials-management  processes. 

“Hospitals  and  clinics  tend  to  want 
to  focus  the  dollars  they  have  on  pa¬ 
tient  care.  They’re  not  going  to  chan¬ 
nel  their  capital  budget  into  supply 
chain,”  says  David  Youndt,  chief  oper¬ 
ating  officer  at  Hospital  Logistics  Inc., 
a  for-profit  hospital  supply  and  logis¬ 
tics  company  launched  by  University 
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Supply  chain  pains  J  W  ” ^  ^ 

continue  to  plague  most 
hospitals.  Here’s  how  two 
leaders  used  IT  to  improve 
their  prognosis.  By  Julia  King 


Health  Network  in  Toronto. 

Given  hospitals’  primary  clinical 
mission,  supply  chain  excellence  is 
typically  undervalued  by  top  manage¬ 
ment,  say  many  in  the  industry. 

“The  prevailing  thinking  is  that  ma¬ 
terials  management  are  those  people 
we  can  just  keep  down  in  the  base¬ 
ment,”  says  Sara  Friesen,  former  direc¬ 
tor  of  supply  chain  at  Sunnybrook  and 
Women’s  Hospital  in  Toronto.  Now, 
Friesen  is  general  manager  of  Shared 
Healthcare  Supply  Services,  also  in 
Toronto. 

In  the  U.S.,  as  in  Canada,  the  hospital 
industry  remains  highly  fragmented, 
which  has  stymied  the  development  of 
standards  for  naming,  describing,  or¬ 
dering  and  paying  for  the  tens  of  thou¬ 
sands  of  products  that  hospitals  use. 
With  more  than  5,000  hospitals  and 
health  care  systems  in  the  U.S.,  no  sin¬ 
gle  organization  is  large  or  powerful 
enough  to  dictate  how  the  supply  chain 
works,  as  Wal-Mart  does  in  the  retail 
sector,  says  Lee  Marston,  CIO  at  Broad- 
lane  Inc.,  a  health  care  software  and 
services  company  in  San  Francisco. 

Also,  very  few  hospitals  have  a  sin¬ 
gle,  integrated  computer  system  for  or¬ 
dering,  tracking  and  paying  for  sup¬ 
plies.  The  upshot  is  that  physicians 
and  other  clinicians  regularly  buy  the 
brands  they  prefer  rather  than  items  a 
hospital  may  have  contracted  for  at  a 
discounted  price. 

Broadlane  conducted  a  yearlong 
analysis  of  all  of  the  supplies  purchased 
at  one  of  its  multihospital  clients.  It 
found  that  the  chain  had  spent  more 
than  eight  times  what  it  would  have 
spent  had  its  clinicians  all  purchased 
the  same  supplies  at  the  lowest  con¬ 
tracted  price.  “You  find  out  millions 
could  be  saved  if  everyone  got  together 
and  paid  the  same  price,”  Marston  says. 

The  problem  is  that  most  hospitals 
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lack  integrated  computer  systems  and 
therefore  don’t  have  easy  access  to  that 
kind  of  detailed  data. 

And  it’s  only  getting  worse  as  the  in¬ 
dustry  consolidates  and  hospitals  face 
the  onerous  task  of  integrating  their 
computer  systems  with  those  of  the  fa¬ 
cilities  they  acquire. 

Meanwhile,  the  cost  of  these  com¬ 
bined  supply  chain  inefficiencies  is 
staggering,  says  Albert  Pang,  an  analyst 
at  market  research  firm  IDC.  Hun¬ 
dreds  of  millions,  if  not  billions,  of  dol¬ 
lars  are  left  stranded  throughout  the 
hospital  supply  chain  in  the  absence  of 
common  computing  platforms,  stan¬ 
dard  product  descriptions  and  accu¬ 
rate  contract  pricing  data. 

Change  is  coming,  but  very  slowly. 
Industry  groups  are  working  on  prod¬ 
uct  data  standards,  and  physicians  are 
slowly  but  surely  coming  to  appreciate 
the  efficiencies  of  technology,  such  as 
wireless  handheld  devices  used  to 
electronically  write  and  transmit  pre¬ 
scriptions.  For  now,  though,  few  hospi¬ 
tals  have  seriously  tackled  supply 
chain  issues.  Here’s  a  look  at  two  that 
have,  using  very  different  strategies. 


Alliiia  Hospitals 
&  Clinics 

MINNEAPOLIS 

With  II  hospitals  and  43  clinics  in  Min¬ 
nesota  and  Wisconsin,  $1.8  billion  Alli- 
na  is  a  textbook  example  of  a  hospital 
system  that  grew  by  merger  and  acqui¬ 
sition.  In  1999,  each  of  the  facilities  had 
relatively  good  materials  management 
practices  in  place,  but  they  were  run¬ 
ning  on  no  fewer  than  six  legacy  com¬ 
puter  systems  in  which  procurement 
and  payment  data  was  not  automatical¬ 
ly  integrated  with  the  accounting  sys¬ 
tem.  The  Y2k  remediation  effort  gave 
Allina  an  opportunity  to  implement  a 
common  computing  platform  for  its 
highly  fragmented  materials  manage¬ 
ment  operation,  says  Scott  Grove,  di¬ 
rector  of  IT. 

Allina  implemented  Lawson  Soft¬ 
ware  Inc.’s  materials  management  and 
financial  applications  as  well  as  its 
contract-pricing  application,  which 
keeps  track  of  the  ever-changing  prices 
of  the  thousands  of  products  Allina  has 
negotiated  under  contract  with  various 
suppliers.  By  early  2000,  the  system 
had  gone  live,  giving  hospital  adminis¬ 
trators  their  first  glimpse  of  overall 
I  materials  purchasing  activity. 

I  “With  a  common  system,  we  finally 

1  had  a  stadium  to  play  the  supply  chain 

game  in,”  says  Grove.  “We  spent  a  lot 
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TEST  RESULTS 


In  2003,  the  health  care 
industry  wasted  more  than 
$11  billion  as  a  result  of 
supply  chain  inefficiencies. 

ss  Supplies  account  for  30% 

of  a  hospital’s  overall  cost 
structure. 

■  50%  of  all  medical  supplies 

are  bought  outside  of 
negotiated  contracts. 


of  time  mining  transaction  data  to 
come  up  with  good  usable  [purchas¬ 
ing]  information,”  which  pinpointed 
where  off-contract  buys  were  being 
made.  In  the  first  year,  the  system 
determined  that  only  50%  of  Allina’s 
purchases  were  on  contract. 

“Large  hospitals  buy  a  lot  of  stuff 
they  want  quickly  off  of  contract,” 
Grove  says,  and  the  hospital  ends  up 
paying  a  premium  on  those  orders. 

In  January  2003,  Allina  set  a  goal  to 
bump  up  contract  purchases  of  sup¬ 
plies  to  70%,  something  that  Grove 
says  is  possible  only  with  “very,  very 
clean  data  and  very  targeted  informa¬ 
tion.”  One  of  the  key  tasks  for  IT, 
which  worked  with  the  hospital’s  con¬ 
tract  administration  group,  was  keep¬ 
ing  contract  and  pricing  data  current 
and  accurate,  Grove  says. 

Every  month,  the  contracts  adminis¬ 
tration  group  combs  through  purchas¬ 
ing  reports  to  determine  which  buys 
were  made  on  and  off  contract,  tracing 
transactions  down  to  departments  and 
individual  buyers.  They  learned  that 
“if  you’ve  got  very  targeted  informa¬ 
tion  and  a  few  people  making  a  lot  of 
the  impact,  you  can  change  the  num¬ 


bers  very  quickly,”  Grove  says. 

Between  February  and  November 
2002,  spending  on  supplies  dropped 
from  13.2%  to  12.8%  of  net  patient  ser¬ 
vices  revenue,  but  that  small  change 
netted  between  $4  million  and  $4.5 
million,  Grove  notes.  Allina  also 
reached  its  70%  contract  buying  goal, 
which  translates  to  $100,000  in  savings 
for  every  1%  improvement  in  contract 
compliance,  he  adds. 

For  IT,  attaining  supply  chain  effi¬ 
ciencies  in  health  care  is  “a  heavy 
maintenance  issue  of  keeping  data 
clean,”  Grove  says.  “If  you  can  do  that, 
you  then  have  accurate  information. 
What  IT  did  is  really  focus  on  provid¬ 
ing  that  information  and  left  the 
change  management  issues  to  organi¬ 
zational  managers.” 

The  bottom  line:  “There  is  signifi¬ 
cant  payback,  but  it’s  [money]  you 
don’t  know  you’re  losing  until  you 
make  an  effort  to  go  out  and  quantify 
the  problem,”  Grove  says. 


University  Health 
Network 

TORONTO 

Dissatisfied  with  the  performance  of  an 
outsourcer  it  had  hired  to  handle  sup¬ 
ply  logistics  in  the  late  1990s,  the  three- 
hospital  University  Health  Network 
teamed  with  its  consulting  partner, 
Toronto-based  Thiinc  Logistics  Inc.,  to 
form  a  for-profit  hospital  supply  logis¬ 
tics  company.  Today,  that  company, 
known  as  Hospital  Logistics,  serves 
two  other  corporate  health  care  cus¬ 
tomers  in  Toronto  as  well  as  its  own 
three  hospitals.  The  venture  has  yet  to 
turn  a  profit,  but  it  has  increased  the 
accuracy  of  deliveries,  which  ultimate¬ 
ly  translates  to  better  patient  care,  says 


Too  Much  IT 


FIRST,  THE  GOOD  NEWS:  Business  to- 
business  health  care  exchanges,  medical 
distributors  and  manufacturers  of  health 
care  products  all  are  leveraging  IT  to 
streamline  hospital  supply  chains. 

Now,  the  bad  news:  There’s  little,  if 
any,  coordination. 

Health  care  has  no  one  gatekeeper. 

1  here  are  hundreds  of  thousands  of  prod¬ 
ucts,  ever-changing  contracts,  multitiered 
price  structures  based  on  purchase  vol¬ 
umes  and  no  single  set  of  standards  for 
naming,  describing  or  buying  and  selling 


products  electronically.  There's  also  keen 
competition  for  control,  which  so  far  has 
made  matters  worse,  not  better,  experts 
say. 

“Different  players  have  a  vested  inter¬ 
est  in  the  way  the  supply  chain  is  being 
run,”  says  IDC  analyst  Albert  Pang.  “Of¬ 
ten,  individual  suppliers,  distributors  and 
group  purchasing  organizations  try  to 
build  their  own  ecosystems  via  EDI  or  oth¬ 
er  electronic  transaction  systems  that 
make  direct  connections  to  hospital  facili¬ 
ties.”  All  too  frequently,  the  upshot  is 
more  and  more  uncoordinated  data, 
rather  than  useful  information. 

-Julia  King 


www.computerworld.com 


Kevin  Empey,  vice  president  of  finance 
and  corporate  services  at  University 
Health  Network. 

“Before,  we  were  receiving  between 
85%  and  90%  of  products  [that  had 
been  ordered]  every  day.  Now,  we  get 
between  98.5%  and  99.5%,”  reflecting  a 
significant  increase  in  order  accuracy, 
Empey  notes.  Among  other  things, 
that  means  surgical  cases  aren’t 
delayed  or  postponed  because  the 
required  instruments  aren’t  available, 
he  says,  adding  “we  did  not  do  this  for 
cost  savings;  we  did  it  for  service.” 

Nevertheless,  a  better  supply  logis¬ 
tics  operation  had  to  begin  with  an  in¬ 
tegrated  computing  system  that  could 
track  contract  information,  orders  and 
payments  as  well  as  warehousing  and 
delivery  operations. 

Hospital  Logistics  bought  and  modi¬ 
fied  ERP  software  from  Tecsys  Inc.,  a 
Montreal-based  vendor.  The  system 
supports  radio  frequency  identification 
scanning  and  the  use  of  handhelds  as 
well  as  in-hospital  logistics  activities, 
such  as  stocking  and  setting  up  prod¬ 
ucts  at  nursing  stations.  In  all,  the  sys¬ 
tem  tracks  more  than  25,000  items,  all 
on  a  just-in-time  basis,  from  the  point 
of  origin  to  delivery  at  a  nursing  sta¬ 
tion.  “We  spent  a  lot  of  time  on  IT  and 
designing  an  integrated  IT  platform,” 
says  Youndt. 

Sunnybrook  and  Women’s  Hospital, 
one  of  Hospital  Logistics’  customers, 
eliminated  its  on-site  supply  ware¬ 
house  and  now  maintains  minimal 
backup  inventory  because  supplies 
have  an  order-to-delivery  turnaround 
time  of  less  than  12  hours.  Customer 
hospitals  maintain  very  little  inventory 
and  have  more  accurate  data  about 
product  replenishment,  says  Friesen. 

Hospital  Logistics  also  has  a  direct 
electronic  link  with  its  customer  hos¬ 
pitals’  general-ledger  systems,  to 
which  it  uploads  transactional  infor¬ 
mation.  Hospital  administrators  can 
see  exactly  which  products  were  pur¬ 
chased  from  which  suppliers,  so  they 
can  reconcile  payments  against  con¬ 
tracted  prices. 

“Now  we’re  able  to  access  better 
supplier  information  for  products  that 
flow  through  hospital  logistics,”  says 
Friesen,  who  handles  all  of  the  con¬ 
tracting  and  purchasing  for  three 
Toronto  hospitals,  including  Sunny¬ 
brook  and  Women’s. 

“The  real  benefit  to  clinicians  is  they 
now  truly  have  the  products  they  need 
when  they  need  them,”  says  Friesen. 
“The  patient  care  staff  can  spend  time 
delivering  patient  care  instead  of  wor¬ 
rying  about  chasing  down  supplies.” 
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Can  your 
network 
think 
for  itself? 


AT&T  APPLICATION  AWARE  NETWORK.  Can  your  network  make  decisions?  Can  it  be  proactive? 
Anticipate  your  needs?  Resolve  its  own  issues?  Defuse  problems  before  they  happen?  AT&T  designs 
user-centered  networks  that  intelligently  monitor  events  across  systems  and  applications,  resulting 
in  faster  diagnosis  and  automatic  restoration.  Which  adds  up  to  less  downtime  for  your  mission 
critical  applications,  and  more  time  for  your  I.T.  department  to  think  about  other  things. 
So.  .  . CAN  YOUR  NETWORK  DO  THIS?  For  a  positive  answer,  just  call  1-888-889-0234. 


AT&T 

The  world's  networking  company5” 


att.com/netvyorking  ©2004  AT&T 


True  network  intelligence 
changes  the  game  for  customers. 
AT&T’s  Application-Aware 
Network  will  be  built  on  a  single, 
global  photonic  infrastructure 
that  automates  and  simplifies 
every  application  by  providing 
built-in  network  intelligence 
that  anticipates  user  needs, 
diagnoses  and  self-heals  to 
keep  the  network  running 
smoothly.  Now  that’s  more 
than  just  simple  -  it’s  smart. 

•  Applications  will  be 
dynamically  deployed  to 
maximize  server  utilization 
and  performance,  improving 
the  customer  experience  and 
reducing  capital  investments. 

•  It  will  anticipate  peak  usage 
with  the  intelligence  to 
handle  spikes  in  demand  by 
automatically  allocating 
anticipated  capacity. 


AT&T’s  forward-thinking 

solutions  stay  one  step  ahead 
of  your  network’s  needs 


AT&T  is  taking  the  intelligence  and  technological  power  of  the  network  and 
centering  it  on  the  user’s  applications.  It  will  be  “application-aware,”  serving 
the  enterprise’s  needs  in  real-time  so  that  every  demand  is  anticipated  and 
met;  every  business  objective  satisfied.  The  enterprise  will  retain  full  control 
over  its  own  applications,  and  can  constantly  monitor  its  performance  to 
assure  things  are  running  as  expected. 

The  Application- Aware  Network  will  have  the  ability  to  deploy  an  application 
to  the  appropriate  server  as  well  as  manage  the  load  balancing  across  multiple 
servers  to  maximize  results.  When  an  application  is  no  longer  needed,  those 
resources  will  be  made  available  to  other  applications.  Reliability  and  business 
continuity  will  be  achieved  by  deploying  applications  across  a  number  of 
servers  and  across  a  number  of  nodes. 

The  network  will  take  advantage  of  new  technologies  to  provide  a  shared, 
standards-based  infrastructure  for  deploying,  integrating  and  operating 
mission-critical  applications.  Customers  will  benefit  from  the  economies  of 
scale  achieved  by  leveraging  a  shared  infrastructure  and  also  benefit  by  only 
paying  for  the  resources  actually  used  -  while  knowing  that  the  capacity  is 
available  to  handle  spikes  in  demand. 


•  It  will  reduce  cost  by 
leveraging  operational 
support  infrastructure  (i.e. 
systems,  people,  etc.). 

•  It  will  provide  hands-free, 
end-to-end  flow  through 
process,  enabling  AT&T  to 
deliver  services  to  customers 
in  real-time,  ultimately,  with 
zero  cycle  time  and  zero 
defects. 


HOSSEIN  ESLAMBOLCHI,  PRESIDENT  OF  AT&T  LABS,  AT&T  CTO  AND 
AT&T  CIO,  IS  DRIVING  THE  CREATION  OF  AT&T’S  APPLICATION-AWARE 
NETWORK,  AND  IS  CONTINUALLY  RECEIVING  HIGH  ACCLAIM  FOR  HIS 
NETWORKING  VISION  OF  THE  FUTURE.  HERE’S  WHAT  A  FEW  OTHERS 
HAVE  TO  SAY... 


•  The  #  1  Mover  and  Shaker  in  the  Telecommunications  Industry  for  his 
vision  of  creating  a  flexible,  multi-service  network  edge  with  the 
capability  for  customers  to  self-provision  services.  LightReading.com 


•  Hossein  was  recognized  by  the  Executive  Council  of  New  York  as  one 
•  Reliability,  security  and  of  the  top  10  innovators  of  2003. 

business  continuity  will  be 
infused  into  every  layer. 


For  more  information,  contact  your  AT&T 
Representative,  or  visit  www.att.com/networking. 
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Got  Questions  About 
Network  Consolidation? 


Computerworld’s  IT  Executive  Summit  Has  the  Answers 


If  you’re  an  IT  executive*  in  an  end-user 
organization,  apply  to  attend  Computerworld’s 
upcoming  complimentary  half-day  summit 

on  Network  Consolidation. 

CIOs  and  senior  IT  executives  are  finding  that 
consolidating  high-performance  networks  can 
play  a  key  role  in  improving  business  applica¬ 
tion  performance  while  significantly  reducing 
operational  costs. 


Streamlining  Networks  and  Data  Centers: 

The  Business  Benefits  of  Consolidation 

New  York  City  •  June  15,  2004 

New  York  Marriott  Marquis  •  Cantor  Jolson  Room  •  1535  Broadway 

7:45am  to  8:15am  Registration  and  Networking  Breakfast 

8:15am  to  8:45am  Rebuilding  the  IT  Foundation 

Maryfran  Johnson,  Editor  in  Chief,  Computerworld 


The  proliferation  of  network  capacity  and  relat-  8:45am  to  9:15am 

ed  storage  and  server  infrastructure  presents  a 

daunting  challenge  for  today’s  enterprises, 

many  of  which  are  positioning  themselves  for 

growth  yet  still  seeking  to  reduce  IT  costs 

where  feasible.  9:15am  to  9:45am 


Infrastructure  Makeover:  Moving  the 
U.S.  Air  Force  Toward  Network-Centric 
Services  Delivery 

Brigadier  General  Brad  Butler,  Deputy  Chief  Information 
Officer,  U.S.  Air  Force 


User  Case  Study 


Selected 

speakers 

include: 


Maryfran  Johnson 
Editor  in  Chief 
Computerworld 


Brigadier  General 
Brad  Butler 
Deputy  Chief 
Information  Officer 
U.S.  Air  Force 


By  leveraging  the  knowledge  of  industry 
experts  and  the  real-world  experience  and 
advice  of  your  IT  peers,  this  IT  Executive 
Summit  will  provide  an  overview  of  effective 
strategies  for  consolidating  and  connecting 
networks  and  data  center  applications. 


9:45am  to  10:15am 
10:15am  to  10:45am 


10:45am  to  11:15am 


*  Complimentary  registration 
is  restricted  to  qualified 
IT  executives  only. 


11:15am  to  noon 


Noon 


Refreshment  and  Networking  Break 

Customer  Challenges  and  Solutions: 
Real-Life  Scenarios  Connecting  Data 
Centers  Over  Distance 

Steve  Adolph,  CTO,  Enterprise  Solutions  Group,  CIENA 

Network  Consolidation  and  the  Data 
Center:  Boosting  Business  Performance 
and  Application  Availability 

Richard  Villars,  Vice  President,  Storage  Systems,  IDC 

Strategies  for  Streamlining  Key 
IT  Resources 

Panel  Moderator:  Maryfran  Johnson,  Editor  in  Chief, 
Computerworld 

Program  Concludes 


Steve  Adolph 
CTO,  Enterprise 
Solutions  Group 
CIENA 


Richard  Villars 
Vice  President, 
Storage  Systems 
IDC 


Apply  for  registration  today 

For  more  information  or  to  apply,  visit 
www.itexecutivesummit.com/nc 

Exclusively  sponsored  by: 


CIENA 


•  1  • 
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IT  RISK 


AT  DELTA 


The  airline  uses  a 
rigorous  but  simple 
scorecard  to  balance 
the  risk  of  technology 
failureagainstthe 
costs  of  upgrading. 
BY  GARY  H.  ANTHES 


pl^DffiOTHETICAL  SCORE 

Adding  the  risk  scores  in  the  green 
column  (see  chart  to  the  right)  produces  a 
scorecard  like  this,  color-coded  for  high  (red), 

|  medium  (yellow)  and  low  (green)  risk. 

’  ■  ■  ■  \  .  ■ 

NETWORK  SERVERS  DEVICES 


Business 

Areal 


Business 
Area  2 
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Business 
Area  3 


N/A 


Business 
Area  4 


Managers  at  Delta  Technology  Inc.  once 
endlessly  debated  whether  they  should 
spend  money  to  upgrade  or  replace 
their  IT  assets,  from  laptops  and  main¬ 
frames  to  networks.  Although  the  IT 
capital  budget  is  prepared  annually, 
these  debates  “seemed  to  occur  daily,” 
says  Brian  Leinbach,  senior  vice  presi¬ 
dent  for  development  at  the  subsidiary 
of  Atlanta-based  Delta  Air  Lines  Inc. 

But  the  debating  and  wrangling  has 
now  largely  stopped,  he  says,  thanks  to 
a  simple  but  relatively  rigorous  frame¬ 
work  for  analyzing  the  costs  and  risks 
of  IT  infrastructure  renewal.  “It’s  fairly 
intuitive,”  Leinbach  says.  “Simple  ideas 
are  often  best.” 

The  framework  is  based  on  a  curve 
that  weighs  the  risk  of  failure  against 
the  cost  of  investments.  At  one  end, 
risks  are  low  but  the  investments  re¬ 
quired  are  too  high.  For  example,  it 
might  cost  x  to  reduce  the  risk  of  fail¬ 
ure  to  one  in  a  million,  but  to  reduce  it 
further  might  cost  lOOx,  which  is  con¬ 
sidered  too  high  for  the  expected  pay¬ 
off.  At  the  other  end,  investments  are 
modest  but  risks  are  too  high. 

Leinbach  says  Delta  strives  to  stay 
near  the  middle  of  the  curve  in  a  “man¬ 
ageable”  area  between  unacceptable 
risk  and  unaffordable  investment.  The 
company’s  annual  capital  budget  of 
$200  million  supports  mainframes, 
Unix  and  Windows  NT  servers,  desk¬ 
tops,  and  voice  and  data  networks. 

Delta  Technology  has  developed  a 
weighted  score  for  each  combination 
of  business  area  and  IT  asset,  based  on 
five  factors:  technology  age,  business 
value  at  risk,  platform  supportability, 
platform  complexity  and  risk  of  failure 
(see  large  chart).  Each  is  then  assigned 
a  green,  yellow  or  red  flag,  depending 
on  whether  the  IT  asset  in  that  busi¬ 
ness  area  is  deemed  to  present  low, 
medium  or  high  risk  to  the  airline. 

The  results  are  combined  and  might 
show,  for  example,  that  the  server  in¬ 
frastructure  presents  a  medium  risk 
for  Business  Area  1,  a  low  risk  for  Busi¬ 
ness  Area  2  and  a  high  risk  for  Busi¬ 


ness  Area  3  (see  small  chart). 

The  method  works  for  all  parts  of 
the  business,  Leinbach  says.  “Even  if 
you  are  just  in  finance  and  responsible 
for  the  books,  that’s  not  required  to 
keep  an  airplane  in  the  air,  but  you 
can’t  run  the  company  very  long  if 
you  can’t  file  your  paperwork.” 

The  final  step  in  preparation  for 
budget  writing  is  to  develop  multiple 
spending  scenarios  that  show  the  im¬ 
pact  on  risk  (again  by  color)  in  each  of 
the  business  areas  that  would  result 
from  different  levels  of  spending  on  IT 
infrastructure  renewal. 

The  scorecards  help  focus  managers’ 
attention  on  risks.  “It  makes  everyone 
take  stock  of  their  systems,”  Leinbach 
says.  “A  big  red  stoplight  is  a  great  com¬ 
munications  tool.”  The  risk  analysis 
framework  has  made  it  easier  to  under¬ 
stand  capital  expenditure  priorities  and 
to  communicate  them  to  all  levels  of 
management,  he  adds. 

“Doing  this  by  business  area  allows  us 
to  have  a  one-on-one  relationship  with 
someone  on  the  business  side  of  the 
table,”  Leinbach  says.  “You  are  really 
counseling  them,  saying,  ‘If  we  spend 
this  much  in  this  area,  these  are  the  re¬ 
sults.  Are  you  OK  with  that?  How  much 


risk  do  you  think  you  can  take?  Do  you 
want  to  help  me  lobby  for  more  money 
overall  so  your  share  could  be  larger?’ 

“And  a  finance  guy  might  have  a  dif¬ 
ferent  view  of  risk  versus  a  guy  in 
flight  operations,”  he  adds. 

The  data  on  IT  asset  failure  proba¬ 
bilities  and  modes  is  highly  automated, 
Leinbach  says,  but  “some  of  the  other 
stuff  is  harder.  Some  is  business  knowl¬ 
edge,  and  some  is  intuition.” 

Although  Delta’s  methodology  is  rel¬ 
atively  simple,  it’s  more  rigorous  than 
what’s  employed  by  75%  to  90%  of  For¬ 
tune  500  companies,  says  Jack  Heine, 
an  analyst  at  Gartner  Inc.  It  gives  IT 
people  a  good  tool  for  showing  the 
possible  consequences  of  budget  cuts 
and  for  predicting  their  effects  on  fu¬ 
ture  risk,  he  says. 

“The  fact  that  they  have  formalized 
it  is  a  very  good  thing,  and  so  is  the 
fact  that  they  are  actually  applying  it  to 
their  future  migration  planning,”  Heine 
says.  When  business  people  ask  what 
IT  has  done  for  them  lately,  he  says,  IT 
can  say,  “  ‘Well,  we  quantified  the  risk 
in  2004,  and  we  will  be  able  to  mea¬ 
sure  our  capabilities  and  successes 
against  plan  in  2007’  That’s  great.” 

©  46038 


RISK-SCORING  GUIDELINES 


CATEGORY 

RISK 

SCORE 

VALUE 

Technology 

1 

1  year  old 

age 

2 

2  years  old 

3 

3  years  old 

4 

4  years  old 

5 

5  or  more  years  old 

Business 

1 

Would  disrupt  noncore  functions  (e.g.,  finance,  HR). 

value  at  risk 

3 

Would  disrupt  customer-facing  systems  or  reduce 
operational  capacity. 

5 

Would  disrupt  core  operations  (e.g.,  flights). 

Platform 

1 

A  generally  available  product. 

2 

1  -  ■  ■■ 

3 

l 

4 

No  longer  supported  by  vendor. 

5 

No  support;  spares  in  short  supply  or  nonexistent. 

Platform 

1 

Single  function,  single  application. 

complexity 

3 

Multiple  functions  or  applications  for  one  business  unit. 

5 

Multiple  functions  or  applications  for  multiple  business  units. 

Platform  risk 

1 

History  of  below-normal  failure  rates. 

of  failure 

3 

History  of  normal  failure  rates. 

5 

History  of  above-normal  failure  rates. 

I  TOTAL  RISK  SCORES  High  risk:  18-25  L  Medium  risk:  11-17  Low  risk:  5-10 


When  he  was  director  of 
knowledge  management 
at  the  World  Bank, 
Stephen  Denning  discov¬ 
ered  a  powerful  leader¬ 
ship  tool:  storytelling.  He 
found  that  it  often  suc¬ 
ceeded  in  inspiring  and 
motivating  people  when 
cold,  hard  logic  failed.  In 
May’s  Harvard  Business 
Review,  Denning  describes  how  good 
storytelling  can  galvanize  an  organiza¬ 
tion  around  a  business  goal.  He  told 
Kathleen  Melymuka  how  IT  leaders  can 
make  this  low-tech  tool  work  for  them. 

When  we  talk  about  storytelling  in  an  IT  envi¬ 
ronment,  how  are  we  defining  story ?  I’ve 
defined  it  in  a  fairly  broad  way  to  be 
any  account  with  time,  place  and  a 
sequence  of  events. 

How  do  stories  succeed  in  moving  people  to 
action  where  logic  and  analysis  fail?  The 

presenter  of  a  logical  analysis  asserts 
a  proposition:  “The  cat  sat  on  the 
mat.”  To  which  the  response  is,  “No,  it 
didn’t.”  If,  on  the  other  hand,  I  say,  “Let 
me  tell  you  about  a  cat  that  was  sitting 
on  a  mat,”  then  we’re  arm  in  arm,  look¬ 
ing  together.  I’m  not  forcing  a  conclu¬ 
sion.  But  when  the  listener  thinks, 
“Maybe  that  could  apply  in  my  con¬ 
text,”  then  you’re  one  millimeter  away 
from  starting  to  implement  something. 
Actions  follow  from  narrative. 

Why  do  business  and  IT  leaders  resist  the 
idea  of  storytelling  as  a  business  tool?  The 

20th  century  was  the  high  point  of  the 
premise  that  anything  not  analytic  and 


logical  doesn’t  have  any  intellectual 
respectability.  Many  disciplines  have 
come  to  see  that  that  vision  of  life  isn’t 
the  whole  story,  but  management  and 
IT  are  among  the  last  bastions  of  the 
world  as  a  machine. 

Given  that  bias  toward  the  analytic,  if  an  IT 
leader  starts  telling  a  story,  don't  you  think 
the  department  will  roll  its  collective  eyes?  If 

you  announce,  “I  am  going  to  tell  you  a 
story,”  you’ll  get  the  rolling  of  the  eyes, 
but  when  I  was  reporting  to  the  CIO 
at  the  World  Bank,  I  never  said  that.  I 
said,  “Let  me  tell  you  about  something 
that  happened  two  weeks  ago,”  and 
curiosity  is  raised,  and  before  you 
know  it,  they’re  following  the  story. 


You  talk  about  the  need  to  match  the  story  to 
the  situation.  How  would  an  IT  leader  use  a 
story  to  spark  action?  In  the  fall  of  1998, 

I  was  called  to  give  a  presentation  on 
why  the  World  Bank  should  bother 
with  knowledge  management  when  we 
seemed  on  the  brink  of  global  financial 
crisis.  I  said,  “Let  me  tell  you  some¬ 
thing  that  happened  two  weeks  ago.  A 
World  Bank  highways  team  in  Pakistan 
got  an  unexpected  question  from  Pak¬ 
istani  highway  administration.  They 
wanted  to  try  different  technology,  and 
they  needed  to  make  the  decision  the 
next  week.  What  did  we  advise?  The 
team  contacted  300  highway  experts 
in  and  outside  the  bank  by  e-mail.  In 
the  next  48  hours,  they  got  help  from 
someone  in  Jordan  using  that  technol¬ 
ogy,  someone  in  Argentina  writing  a 
book  on  the  subject,  someone  in  New 
Zealand  with  guidelines. . . .  Now  that 
we  have  this  knowledge,  we  can  make 
it  available  through  the  Web  for  any¬ 
one.”  They  said,  “Why  aren’t  we  making 
this  happen  all  over  the  organization?” 

What  is  it  about  that  story  that  makes  it 
work?  There’s  a  particular  pattern  un¬ 
derlying  that  story.  It  has  a  protagonist 
with  whom  the  audience  is  likely  to 
empathize.  It  actually  happened,  and 
the  truth  of  the  story  snaps  listeners 
out  of  complacency.  It’s  positive  in 
tone.  And  it’s  told  in  a  minimalist  fash¬ 
ion,  because  I  don’t  want  them  think¬ 
ing  all  about  what’s  going  on  in  Pak¬ 
istan:  they  need  space  in  their  minds  to 
think,  “Yeah,  I  can  do  this  in  my  envi¬ 
ronment.”  Once  executives  can  learn 
to  understand  that  pattern,  whether 
they’re  introducing  CRM  or  SAP, 
they’ll  know  how  to  find  a  suitable 


story  to  spark  people  to  action. 

Another  high  priority  in  IT  is  fostering  collab¬ 
oration.  What’s  an  example  of  how  a  story 
could  help  a  project  team  jell?  We  were 
asked  by  a  director  to  help  get  his 
squabbling  group  to  be  more  collabo¬ 
rative.  We  had  a  meeting  with  them 
and  asked  for  a  volunteer  to  tell  a 
moving  story  about  some  recent  work- 
related  event.  We  said,  “Pull  out  all  the 
stops  and  tell  everything  you  felt  about 
what  was  happening  to  you.”  That  sto¬ 
ry  sparked  a  whole  series  of  stories 
from  the  rest  of  the  group.  People  were 
interested  in  hearing  the  stories  be¬ 
cause  they  were  about  the  same  sub¬ 
jects  they  were  grappling  with,  and 
they  wanted  to  tell  their  stories.  By  the 
end  of  an  hour,  the  group  realized  they 
had  a  common  perception  of  the  prob¬ 
lems  and  what  needed  to  be  done. 

With  a  chain  reaction  of  stories,  it’s 
remarkable  how  quickly  a  group  can 
move  to  a  collaborative  mind-set. 

IT  isn’t  known  for  loquacious  folks.  Can  in¬ 
troverted,  analytical  people  become  good 
storytellers?  The  most  effective  story¬ 
tellers  are  not  glib  extroverts.  In  fact, 
when  a  storyteller  is  stumbling  and 
clearly  struggling,  then  listeners  reach 
out  and  help  and  fill  in  the  blanks.  But 
we’re  all  storytellers.  We  start  telling 
stories  spontaneously  at  the  age  of  2. 
Then  school  and  work  tell  you  to  put 
away  stories.  But  we  are  a  storytelling 
species.  Dogs  sniff  each  other;  humans 
tell  stories.  ©  46307 


This  is  the  latest  in  a  series  of  monthly  discus¬ 
sions  with  Harvard  Business  Review  authors 
on  topics  of  interest  to  IT  managers. 


IF  YOUR 
PURPOSE  IS . 


Create  Stories  to  Match  the  Situation 


USE  A  STORY 
THAT . . . 


Tells  how  change  was  implemented  in 
the  past  and  allows  listeners  to  imag¬ 
ine  how  it  might  work  in  their  situation. 


BE  SURE 
TO... 


Avoid  too  much  detail.  It  can  take 
listeners’  minds  off  their  own 
challenges. 


■ 

-  ■  .  '  -  •  ,  \  -,<•*  "*•  ■at- 

:  EXPECT  RESPONSES 

I  SUCHAS... 


“Just  imagine 
“What  if...” 


Fostering 

collaboration 

Movingly  recounts  a  situation  that 
listeners  have  also  experienced  and 
that  prompts  them  to  share  their  own 
stories  on  the  topic. 

Provide  time  for  people  to  swap 
stories  and  have  an  action  plan 
ready  to  tap  the  energy  the  exchange 
will  unleash. 

“That  reminds  me  of 
the  time . . 

“Hey,  I’ve  got  a  story 
like  that.” 

Squelching 

rumors 

Highlights,  possibly  through  humor, 
some  aspect  of  the  rumor  that  shows 
it  to  be  unlikely. 

Avoid  being  mean-spirited  and  make 
sure  the  rumor  really  is  false. 

“No  kidding!” 

“1  hadn’t  thought 
about  it  like  that.” 

Sharing  a 
vision 

Evokes  the  future  you  want  to  create, 
without  providing  too  much  detail  that 
may  turn  out  to  be  wrong. 

Be  confident  of  your  storytelling  skills. 
Otherwise,  use  a  story  in  which  the  past 
serves  as  a  springboard  to  the  future. 

“When  do  we  start  ?” 
“Let’s  do  it!” 
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Mary  Finlay 


TITLE;  Deputy 
CIO 

COMPANY: 

Partners 
Healthcare 
System  Inc., 

_  _  _  Boston 

flJuA  whatshe 

VtXfi  DOES:  Heads 
IT  for  a  group 
of  10  hospitals  employing  a  total 
of  1,100  IT  professionals.  A  2001 
graduate  of  the  Society  for  Infor¬ 
mation  Management’s  Regional 
Leadership  Forum,  Finlay  is  a 
firm  believer  in  the  critical  impor¬ 
tance  of  the  soft  skills  the  forum 
focuses  on.  Since  the  RLF  was 
launched  in  1992,  more  than 
1,200  IT  professionals  have  grad¬ 
uated  and  many  of  them  are  now 
CIOs  at  top  organizations,  includ¬ 
ing  Cigna  Corp.  and  Sharp  Elec¬ 
tronics  Corp. 


How  do  SIM's  Regional  Leadership 
Forums  work?  A  forum  meets  every  six 
weeks  for  two  days,  over  a  period  of  about 
eight  months.  Throughout  that  time,  we  read 
about  35  books  focused  on  a  range  of  top¬ 
ics.  Speakers  come  in  to  facilitate  peer- 
to-peer  discussions.  The  main  purpose  of 
the  forum  is  to  take  a  holistic  view  of  leader¬ 
ship.  You  spend  very  little  time  talking  about 
technology.  It’s  more  about  the  skills  you 
need  as  an  IT  leader,  which  range  from 
thinking  about  IT  governance  and  measur¬ 
ing  value  to  negotiations  and  softer  skills, 
such  as  building  relationships  with  the  exec¬ 


utive  team,  communications  and  profes¬ 
sional  networking. 

In  such  a  tight  economy,  has  the  em¬ 
phasis  on  soft  skills  for  IT  personnel 
fallen  off  somewhat?  There  has  been  a 
greater  emphasis  lately  on  how  to  do  more 
with  less,  and  there  has  been  more  of  a  de¬ 
mand  for  financial  skills  and  the  ability  to 
deal  with  regulators.  But  at  the  end  of  the 
day,  if  you’re  in  an  IT  senior-level  position, 
you  have  to  be  able  to  get  up  in  front  of  a 
room  of  people  and  sell  ideas  and  negotiate 
for  what’s  important.  I  haven’t  seen  that  go 
by  the  wayside. 

How  about  managing  people?  What  an 
IT  person  wants  from  a  manager  is  to  know 
that  the  manager  cares  about  their  success 
and  professional  development.  At  the  bare 
minimum,  I  have  my  directors  ask  all  of  their 
reports  what  they  want  to  do  next  and  how 
the  director  can  help  them  get  there.  That 
question  should  be  integral  to  ongoing  dis¬ 
cussions  with  direct  reports.  If  a  person 
feels  a  manager  doesn’t  care  about  them 
as  a  person  and  a  professional,  that  person 
will  leave  the  company. 

What  do  you  consider  the  most  impor¬ 
tant  nontechnical  skills  that  IT  leaders 
should  develop?  Relationship  skills,  in¬ 
cluding  how  to  build  relationships  with  your 
functional  counterparts  and  others  on  the 
executive  team,  and  communications  skills. 
You  need  to  write  well  and  speak  well.  One 
of  the  things  they  had  us  do  in  the  Regional 
Leadership  Forum  is  prepare  and  give  our 
“elevator  speech."  That's  the  speech  you 
give  when  the  CEO  gets  in  the  elevator  and 
you  have  three  minutes  to  convey  what 
you're  doing.  Always  have  that  elevator 
speech  in  your  back  pocket.  O  46441 

-Julia  King 


NUMBERS  CRUNCH: 
Workplace 
Relationship  Issues 


50% 

Percentage  of  employees 
who  report  missing  time 
from  work  due  to  rude 
workplace  behavior 
directed  toward  them 

4! 

2% 

Percentage  of  time  the 
average  manager  spends 
dealing  with  interpersonal 
conflicts 

50% 

Percentage  by  which  poorly 
managed  workgroups  are 
less  productive 

B 

1 

Percentage  by  which  poorly 
managed  workgroups  are 
less  profitable 

SOURCES:  WWW.WORKRELATIONSHIPS.COM, 
WWW  BADBOSSOLOGY  COM;  2004 


Worth  Noting 

H  People  don’t  leave 
a  company,  they 
leave  a  manager. 
The  costs  for  an  employee 
who  resigns  due  to  interper¬ 
sonal  relationship  problems 
are  extensive;  some  studies 
indicate  that  the  costs  are  up 
to  three  times  the  departing 
employee’s  annual  salary.  In 
addition,  there  are  other  costs 
involved,  such  as  hiring  and 
training  for  the  replacement 
position. 

-  WWW.WORKRELATIONSHIPS.COM 


I  have  been  a  victim 
of  workplace 
bullying. 


f  Yes 

1 

40.4% 

Mo 

L 

59.6%  i 

L 

J 

BASE:  418  workers  polled  online  between 
November  2002  and  March  2003 


I  have  observed  someone 
else  being  bullied  in  the 
workplace. 


BASE:  417  workers 


SOURCE:  THE  BUSINESS  RESEARCH  LAB  LLC,  HOUSTON 


CONFUCT  MANAGEMENT  is  a  huge 
issue  for  all  managers  but  especially  for 
IT  managers,  since  most  IT  work  is  per¬ 
formed  by  teams,  says  Craig  Runde, 
director  of  new  program  development 
at  the  Leadership  Development  Institute 
at  Eckerd  College  in  St.  Petersburg,  Fla. 
“It's  mostly  a  matter  of  knowing  how  to 
deal  with  differences,"  says  Runde. 

Eckerd  researchers  surveyed  300 
managers,  their  bosses,  peers  and  direct 
reports  and  came  up  with  a  “very  strong 
statistical  correlation" 
between  qualities  as¬ 
sociated  with  leaders 
and  various  construc¬ 
tive  behaviors  in  deal¬ 
ing  with  conflict. 

“Things  like  putting 


yourself  in  the  other  person’s  shoes 
and  reaching  out  to  people  in  a  conflict 
[rather  than  avoiding  it]  are  both  con¬ 
structive  behaviors  associated  with  lead¬ 
ership,”  Runde  says.  Destructive  behav¬ 
iors  include  displaying  anger,  demeaning 
others  and  retaliating.  “To  the  extent  that 
you  want  to  build  leaders,  one  area  you 
have  to  consider  seriously  is  making  sure 
managers  have  effective  conflict  man¬ 
agement  skills,”  Runde  says.  In  IT,  he 
adds,  “it's  fair  to  say  that  a  lot  of  people 
are  quite  strongly  task- 
focused.  As  a  conse¬ 
quence,  sometimes 
the  interpersonal  ef¬ 
fects  of  their  actions 
may  not  be  their  prima¬ 
ry  focus.”  -Julia  King 


SOFT  SKILLS  FOR  IT: 
ONLINE  RESOURCES 
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www.workrelationships.com 

www.shrm.org 

www.badbossology.com 
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BRIEFS 


McClintock  to  Lead 
Arch  Insurance  IT 

Scott  McClintock  has  been  pro¬ 
moted  to  senior  vice  president 
and  CIO  at  Arch  Insurance  Group, 
a  division  of  Arch  Capital  Group 
Ltd.,  a  Bermuda-based  reinsur¬ 
ance  company.  McClintock  will 
establish  a  long-term  IT  architec¬ 
ture  for  Arch  and  implement  busi¬ 
ness  unit  efficiency  initiatives.  He 
joined  Arch  in  2002. 


Nextel  Boosts  EDS 
Contract  by  S100M 

Electronic  Data  Systems  Corp. 
announced  that  it  has  amended 
its  current  five-year  master  ser¬ 
vices  agreement  with  Reston, 
Va.-based  Nextel  Communica¬ 
tions  Inc.  to  cover  additional  ap¬ 
plications  development  and  host¬ 
ing  services,  increasing  the  con¬ 
tract’s  value  by  about  $100  mil¬ 
lion.  Under  the  2001  agreement, 
Piano,  Texas-based  EDS  provided 
Nextel  with  comprehensive  IT 
services,  including  data  center, 
database  administration,  disaster 
recovery  and  help  desk  functions. 


BP  CIO  Joins 
Maplnfo  Board 

Maplnfo  Corp.,  a  provider  of 
location-based  business  intelli¬ 
gence  software  in  Troy,  N.Y., 
announced  the  appointment  of 
Simon  J.  Orebi  Gann  to  its  board 
of  directors.  Orebi  Gann  is  cur¬ 
rently  CIO  at  BP  PLC’s  integrated 
supply  and  trading  business  and 
is  vice  president  of  digital  and 
communications  technology. 


Saab  Signs  Entopia 

Saab  AB,  a  maker  of  defense 
electronics  in  Stockholm,  has 
chosen  K-Bus  from  Entopia  Inc. 
in  Redwood  Shores,  Calif.,  to 
help  improve  worldwide  informa¬ 
tion-sharing  and  collaboration. 
K-Bus  facilitates  the  consolida¬ 
tion  of  unstructured  data  from 
multiple  sources  such  as  data¬ 
bases,  Internet  sites,  intranets 
and  e-mail  systems. 


BART  PERKINS 


Risk/Reward  Contracts: 
Laying  the  Foundations 


UNDER  THE  RIGHT  CIRCUMSTANCES, 

risk/reward  contracts  can  provide  signif¬ 
icant  benefits  to  both  buyers  and  sellers 
[QuickLink  45728].  Because  these  con¬ 
tracts  withhold  a  significant  percentage 


of  the  fees  until  the  project 
is  successfully  completed, 
they  offer  a  way  to  share 
both  risks  and  rewards  with 
your  supplier.  Risk/reward 
contracts  are  more  com¬ 
plex  to  negotiate  and  man¬ 
age,  however,  and  require 
careful  consideration.  Here 
are  some  steps  you  can  take 
to  minimize  difficulties. 

Determine  whether  you  have 
a  good  candidate  for  a  risk/ 
reward  contract.  Do  this  be¬ 
fore  you  pursue  contract 
negotiations.  Risk/reward 
contracts  work  best  with: 

■  High-risk  projects  with 
significant  business  bene¬ 
fits.  Use  risk/reward  only  when  the 
potential  benefits  warrant  the  addi¬ 
tional  effort. 

■  Established  suppliers.  Because  of 
the  complexity  of  these  contracts,  you 
will  do  better  if  you  select  a  supplier 
with  an  excellent  track  record,  prefer¬ 
ably  one  you  already  have  a  strong 
relationship  with. 

■  Companies  with  strong  internal 
relationships.  Risk/reward  contracts 
require  significant  internal  coopera¬ 
tion  and  work  best  in  companies 
where  legal,  finance  and  HR  depart¬ 
ments  already  have  a  strong  working 
relationship  with  IT. 

Use  clear  metrics.  The  success  of  your 
risk/reward  contract  will  depend  on  it. 
These  measures  form  the  basis  for  de¬ 
termining  whether  additional  financial 
payments  are  warranted.  They  are  par¬ 
ticularly  necessary  in  multiyear  con¬ 
tracts,  where  management  changes  are 
almost  sure  to  occur.  Having  clear 


metrics  can  help  you  avoid 
being  at  the  mercy  of  wide¬ 
ly  differing  interpretations 
of  whether  success  has 
been  achieved. 

■  Choose  metrics  that 
reward  specific  behavior. 
For  example,  metrics  for 
a  new  application  might 
specify  an  average  re¬ 
sponse  time  of  two  sec¬ 
onds.  If  you  want  to  elimi¬ 
nate  large  deviations  in  re¬ 
sponse  times,  add  a  related 
metric  specifying  that  95% 
of  the  transactions  will 
take  place  within  one  to 
three  seconds. 

■  Develop  metrics  to 
eliminate  arguments  with  suppliers  re¬ 
garding  whether  their  incentive  pay¬ 
ments  should  be  made.  Clear  metrics 
remove  ambiguity.  Imprecise  mea¬ 
sures  are  often  subject  to  debate. 

■  Design  metrics  carefully.  Poorly 
designed  or  insufficient  measures  may 
result  in  unintended  consequences  or 
give  suppliers  the  ability  to  play  games 
with  the  numbers.  One  company  tried 
to  motivate  data  entry  operators  by 
paying  a  bonus  for  more  than  a  certain 
number  of  keystrokes  per  hour.  The 
operators  soon  learned  they  could 
“increase  productivity”  by  repeatedly 
tapping  a  single  key. 

Define  counterbalancing  measures  of  suc¬ 
cess.  Make  sure  that  your  metrics  take 
into  account  and  accurately  reflect 
multiple  goals.  For  example,  if  the 
only  measure  of  success  is  response 
time,  a  systems  integrator  might  re¬ 
quire  faster  processors  and  higher 
bandwidth,  thereby  making  the  on- 


BART  PERKINS  is  the 

managing  partner  at 
Leverage  Partners  Inc. 
in  Louisville,  Ky..  which 
helps  CIOs  manage  their 
IT  suppliers.  He  was 
CIO  at  Tricon  Global 
Restaurants  Inc.  and 
Dole  Food  Co.  Contact 
him  at  BartPerkins® 
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going  operating  costs  higher  than 
they  should  be. 

Get  interdepartmental  support  early. 

■  Finance.  Since  benefits  often  accrue 
over  several  budget  years,  the  finance 
staff  will  need  to  accept  multiyear  “at 
risk”  accruals  that  represent  contin¬ 
gent  liabilities  on  the  balance  sheet 
(i.e.,  payments  you  will  make  only  if 
the  vendor  performs  well).  In  some 
cases,  it  may  take  several  years  to 
construct  and  install  a  new  system 
and  start  reaping  the  benefits.  Fi¬ 
nance  will  need  to  accrue  potential 
additional  payments  as  soon  as  the 
endeavor  starts,  rather  than  waiting 
until  the  end  and  being  surprised  by 
the  total  fees. 

■  Legal.  In  addition  to  normal  con¬ 
tract  terms,  you  will  need  to  negotiate 
special  situations.  For  example,  if  your 
risk/reward  endeavor  is  canceled 
through  no  fault  of  the  supplier  (e.g., 
your  company  is  acquired  and  the  new 
owner  decides  to  shut  down  the  proj¬ 
ect),  the  supplier  will  want  to  be  paid 
some  portion  of  the  potential  addi¬ 
tional  fees  it  might  have  received  at 
normal  project  completion. 

■  HR.  Some  internal  incentive  pro¬ 
grams  may  need  to  be  adjusted.  Sup¬ 
pose,  for  example,  you  construct  a 
joint  project  team  in  which  everyone 
works  hard  to  deliver  the  project  early. 
If  the  systems  integrator’s  staff  gets  a 
bonus  and  your  HR  policies  forbid  you 
to  pay  a  bonus  to  your  staff,  that  could 
create  resentment. 

Risk/reward  contracts  require  more 
preparation,  precision  and  coopera¬ 
tion.  But  when  they  are  used  appropri¬ 
ately,  they  motivate  suppliers  to  deliv¬ 
er  successfully.  This  leverage  serves  as 
an  insurance  policy  against  failure  and 
provides  incentives  for  joint  success. 

O  46411 
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How  does  your  rack  really  stack  up? 


Take  the  APC  Rack  Challenge  and  find  out  how 
the  New  NetShelter®  VX  outperforms  your  brand. 

Whether  you  are  consolidating  servers,  relocating  your  data  center,  or  centralizing 
distributed  networks,  selecting  the  right  brand  of  enclosure  is  crucial  to  successful 
implementation.  Take  the  APC  Rack  Challenge  today  to  make  sure  your  facts  and 
your  racks  really  stack  up. 


THE  APC  RACK  CHALLENGE 

Name:  Title: 

Company:  Phone: 

Address: 

How  many  racks  do  you  currently  have  installed? 

Features  to  expect  in  today's 

IT  rack  enclosures 

NetShelter*  VX 
(AR2101BLK) 

no  side  panels 

Compaq  Rack 
10000  Series 

(245161 -B21) 

no  side  panels 

Your  rack  brand  hersi 
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Integrated  rear  power  distribution 
channels  that  provide  zero-U, 
toolless  mounting  of  basic, 
metered,  and  switched  rack-mount 
power  distribution  units. 

8 

v  _  / 

Integrated  rear  cable  management 
channels  that  allow  efficient  cable 
routing  and  easily  accessible 
cable  containment. 

8 

t  f 

Available  with  scalable 
cooling  options  to  support 
heat  densities  up  to  7.5kW*. 

$ 

8 

I  4 

* 

Exceeds  major  server  requirements 
for  front  door  ventilation. 

$ 

**> 
t  t 

v  „  / 

Meets  or  exceeds  warranty 
requirements  for  all  major  servers. 

/  \ 

\  1 

* 

InfraStruXure  compatible. 

Seamlessly  integrates  into  APC's 
modular,  manageable,  pre-engineered 
data  center  architecture. 

£ 

t~"\ 
t  4 

Vendor  neutral  rack  configurator 
designed  to  support  most  third  party 
servers  and  networking  devices. 

ft 

/" -v 
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N./ 

5-year  warranty 

.  m 

. M  " 
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"Fits  Like  a  Glove"**  money  back 
guarantee  that  all  IT  equipment 
will  fit  in  the  rack. 

^■h^HP/COMPAQ  •  SUN  •  *MN 

t*  **\ 
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OEU.  •  CISCO  •  UlCfNT  ) 

Compare!  Savings 
k  of  almost  40% 

*1039 

*1359 

;$  | 
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TAKE  THE  RACK 
CHALLENGE  TODAY! 


Online:  /  . 

http://prwno.apc.com  •  Key  Code  q525y 


By  Fax: 

1)  Fill  in  your  business  information, 
indicate  your  rack  brand  of  choice, 
and  check  off  the  applicable  fields. 

2)  Fax  the  completed  Rack  Challenge 
to  the  following  number: 

Fax  401-788-2797 


I  took  the  S/ 
APC  RACK  w 
CHALLENGE! 


It®, 


RECEIVE  I 
YOUR  FREE  T-SHIRT 


Be  one  of  the  first  100  respon¬ 
dents  and  receive  a  FREE  “I  took 
the  APC  Rack  Challenge”  T-shirt! 


Designed  specifically  for  the  cabling, 
cooling  and  security  demands  of  today's 
IT  environments,  the  NetShelter®  VX  is  a 
complete  infrastructure  compatible  with  a 
full  range  of  integrated  APC  components. 
Vendor-neutral,  all  you  need  to  add  are 
the  servers  of  your  choice. 

NetworkAIR™  RM  Air  Distribution  Unit 

Unique  2U  rack-mounted  fan 
unit  delivers  additional  cool 
air  and  improves  circulation. 


1U  Rack-mount  LCD 
Monitor/Keyboard  Drawer 

Maximizes  space  in 
data  center  environments. 


Environmental  Monitoring  Unit 

Monitors  ambient  temperature,  „  y 
humidity  and  other  environmental  *■ 
conditions  in  racks. 


Rack-mount  PDU 

Provides  up  to  5.7kW  of  power, 
eliminating  the  need  for  multiple 
outlet  strips  per  rack.  Available  for 
both  single-  and  3-phase  input  power. 


*  Based  on  APC  Internal  Research  and  testing.  **  See  link  on 
promotions  page  for  terms  and  conditions,  f  Source  of 
average  pricing:  www.HP.com.  Prices  may  vary  or  change 
from  time  to  time.  Not  applicable  to  other  SKU's  or  models. 


Legendary  Reliability* 


©2004  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners  •  Call:  888-289-APCC  x6701  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road.  West  Kingston.  Rl  02892  USA  •  NS1A4EF-USa 


Without  doubt  the  Boston  metro  area  has  been 
among  those  most  hard  hit  by  the  downturn  in 
the  technology  economy.  The  telecommunications 
sector,  in  particular,  continues  to  see  problems,  and 
Terra  Lycos  has  announced  additional  layoffs  and  a 
lowered  price  on  the  sale  of  its  Lycos.com  operation. 
Similarly,  the  financial  services  sector  has  stumbled, 
with  the  buyout  of  John  Hancock  by  Canada's 
Manulife  Financial  Corp. 

However,  Boston  continues  to  market  itself  to  the 
high  tech  world  based  on  its  access  to  a  strong 
workforce,  universities  and  existing  business  base. 
Further  evidence  can  be  found  in  close  to  $100 
million  in  venture  capital  and  federal  grants  for  early 
stage  companies  and  an  uptick  in  job  listings  at 
companies  ranging  from  Staples  Inc.  to  Partners 
Healthcare.  Boston.com  —  a  business  newsletter  for 
the  region  —  continues  to  follow  the  financial 
fortunes  of  an  emerging  new  technology  community, 
the  Boston  Life  Sciences  20.  The  Life  Sciences  20 
includes  companies  such  as  Boston  Scientific,  Charles 
River  Laboratories,  Biogen  Idee,  Millennium 
Pharmaceuticals,  PerkinElmer  and  Transkaryotic 
Therapies. 

Partners  Healthcare  —  parent  company  for  The 
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Children's  Hospital,  Beth  Israel  Deaconess  Medical 
Center,  Brigham  &  Women's  Hospital  and 
Massachusetts  General  —  has  50  information 
technology  jobs  currently  listed. 

In  addition  to  some  of  the  longer-term 
pharmaceutical  and  life  sciences  companies,  the  area 
boasts  of  a  dozen  new  start-up  companies.  These 
include  Biomeasure  Inc.,  Nexcelom  Bioscience  and 
Agencourt,  which  recently  received  a  $30  million 
grant  from  National  Human  Genome  Research. 
Biomeasure,  which  is  now  a  division  of  French 
pharmaceutical  company  Ipsen,  is  building  a  new 
38,000-square-foot  factory.  The  Boston  Tech  Center,  a 
345,000-square-foot  facility,  is  under  construction 
and  also  will  provide  needed  office  and  lab  space  for 
Boston's  growing  biotech  and  life  sciences  industry. 

Raytheon,  one  of  the  long-term  corporate 
headquarters  in  the  area,  is  also  on  a  hiring  cycle. 
Currently,  the  corporation  lists  10  jobs  in  the 
information  systems  area  supporting  its 
businesses.  More  importantly,  the  corporation  has 
posted  75  job  openings  during  quarter  one  for 
software  engineers,  architecture  developers  and 
systems  engineers  to  work  on  security  and  defense 
contracts. 


Staples  Inc.  also  continues  its  push  in  using 
technology  to  reach  customers  and  improve 
operations.  The  high  tech  research  community  in 
the  Boston  area  is  also  showing  some 
improvement.  Forrester  Research  has  shown  stable 
performance  over  the  last  six  months.  IDC,  a 
division  of  IDG  —  parent  company  to 
Computerworld,  InfoWorld  and  NetworkWorld  —  is 
hiring  research  analysts,  particularly  in  the  areas  of 
healthcare  and  life  sciences. 


For  more  information  about  IT  Careers 

advertising,  please  contact:  Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 


Engineering  Development  Man¬ 
ager-Offshore  :  For  tech  transfer 
life  cycle  mgmt  co..  manage  off¬ 
shore  res  &  devel  projects,  incl. 
offshore  embedded  sys  &  appl 
specific  integrated  circuit  (ASIC) 
solutions  div.  in  India  &  offshore 
team  of  developers  &  research¬ 
ers;  project  plan,  exec,  implmnt 
&  test  at  client  sites.  Req’s: 
Bach's  in  Comp  Engg,  Comp  Sci 
or  a  rel.  field.  3  yrs  exp  in  job 
offered  or  3  yrs  exp  as  a  Comp 
Sys  Analyst  in  offshore  devel 
envt.  Exp  must  incl.  embedded, 
enterprise,  networking  &  comm 
&  image  processing  solutions. 
Prof  in  32  bit  RISC/CISC,  Hita¬ 
chi  SH/HS,  ARM  7TDMI/9TDMI, 
DSP-TI  &  AD  (TMS320),  Win¬ 
dows  CE,  ITRON,  pSOS,  Vx- 
Works,  C  OS  II.  C  Linux, 
Trimedia  SDE,  Lauterbach 
TRACE  32  for  Hitachi  SH,  ARM 
developer  Ste,  Red  Hat  Embed¬ 
ded  Tool  Ste  &  Platform  Builder. 
Overseas  travel  required.  40hrs/ 
wk.  Send  res.  to  E-5,  P.O.  Box 
1924,  Phila.,  PA  19105. 


PROGRAMMER/ANALYST  to 
analyze,  design,  develop  and 
maintain  client/server  and  web- 
based  application  software 
using  Java,  J2EE,  Java  Script, 
Java  Bean,  Applets,  JSP, 
Servlets,  EJB,  WebLogic,  XML, 
HTML,  SQL  Server  and  Oracle 
under  Windows  NT  and  UNIX 
operating  systems.  Require; 
Bachelor’s  degree  in  Computer 
Science,  an  Engineering  disci¬ 
pline,  or  a  closely  related  field 
with  2  yrs  of  exp  in  the  job 
offered  or  as  a  Systems  Analyst. 
Extensive  travel  on  assignment 
to  various  client  sites  within  the 
US  is  required.  Competitive  sal¬ 
ary  offered.  Send  resume  to; 
John  Watson,  Venturi  Technolo¬ 
gy  Partners,  9428  Baymeadows 
Rd,  Ste  500,  Jacksonville,  FL 
32256;  Attn:  Job  AA. 


Sr.  Cons,  for  b/z  reqs.  analysis, 
process  optimizn,  plan,  dzn, 
s'ware  dev.,  test  &  systems  inte- 
grn.  PM  for  system  &  applns. 
S’ware  dev.,  opernl.  CRM 
(Sales,  Svc,  Mktng),  Collabora¬ 
tive  CRM  (CTI,  Customer  Con¬ 
tact  Center)  &  Analytical  CRM 
(Reporting,  ROI)  projs.  Evaluate 
CRM  (Clarify  12.0,  Siebel,  HP 
Service  Desk  4.5,  &  Kintana 
5.0).  Conduct  infrastructure 
scalability  assessments  &  imple¬ 
ment  CRM  &  ERP  based  ERP 
system  for  Cust  relationship 
mgmt,  GL,  HRMS,  A/c  Payable 
&  T  &  L  Modules.  Implement 
Clarify  eFrontOffice  VI 2,  Clear- 
Sales,  ClearSupport,  CBO  / 
eBusiness  Framework,  Clear- 
Contracts,  Clear  CallCenter  & 
Clarity/Nortel  CTI  solutions.  Pro¬ 
posals,  presentations,  client 
mgmt,  project  tech  lead  &  exe¬ 
cution.  Lead  sols  design  & 
development,  lead  teams,  proj 
delivery,  client  relation  &  tech 
team  deliveries.  BS  in  CS  +  5  yr 
exp.  in  job  duties  OR  5  yr  exp  in 
IT  PM,  Internet  tech.  &  ERP. 
Must  be  Clarify  CRM  Prof,  and 
Six  Sigma  green  belt  certified. 
Comp,  salary.  Apply:  Unilinx, 
4625  Alexander  Dr.,  #  110, 
Alpharetta,  GA  30022  with  proof 
of  perm.  Work  authzn. 


PROGRAMMER  ANALYSTS 
for  Worth,  IL  office.  Design  & 
Develop  software  applications 
using  Oracle,  XML,  UML,  C++, 
Sybase,  Interwoven,  Coolgen, 
ClearCase,  ClearQuest,  PVCS, 
UNIX.  Bachelors  or  Equivalent 
req'd  in  Computers,  Engineer¬ 
ing,  Math  or  related  field  of 
study  +1  yr  of  related  exp.  40 
hrs/wk.  Must  have  legal  author¬ 
ity  to  work  permanently  in  the 
U.S.  Send  resume  to  HR 
Manager,  Compro  Consulting 
Group,  Inc.,  7179  West.lllth 
St,  Worth,  IL  60482. 


Computer  Professionals 
(Multiple  Openings) 

Software  Engineer/Systems 
Analyst/Database  Administra¬ 
tor/Network  Administrator  Mil¬ 
waukee,  Wl.  Must  have  bache¬ 
lors  degree  or  equivalent  and 
experience  in  some  of  the  fol¬ 
lowing  skills:  C/C++,  Java, 
Web  Methods,  Cold  Fusion,  Mic¬ 
rosoft  Technologies  (Visual  Bas¬ 
ic,  NET,  ASP)  CRM  (Siebel, 
Clarify,  Vantive),  Middle  Ware 
Technologies  (Orbix,  Corba.  Tib- 
co,  Vitria)  Data  Ware  Housing 
Tools  (Informatica,  Data  Stage, 
Abinitio,  Business  Objects,  Cog- 
nos,  Micro  Strategy,  Brio)  ERP 
(SAP,  People  Soft,  Oracle  Apps, 
Baan),  Mainframe  (Cobol,  CICS, 
JCL,  VSAM)  AS400,  Ecom- 
merce,  Databases  (SQL  Server/ 
Oracle/DB2/Sybase),  Microsoft 
Windows(95/98/NT/2000,Excha 
nge),  UNIX  (Sun  Solaris,  HP, 
AIX),  Linux  and  QA  (Win  Run¬ 
ner,  Load  Runner,  Silk,  Quick- 
pro,  Manual  Testing). Position 
requirement:  Must  be  willing 
to  travel  and  /or  relocate  per 
project  specification  Mail  your 
resumes  to:  jobs@iksolution 
sinc.com  or  Human  Resource 
Director,  IK  Solutions  Inc,  1840 
N.  Farwell  Ave,  Suite  #  306, 
Milwaukee,  Wl  53202. 


System  Administrator  required 
for  Burtonsville,  MD  office. 
Design  &  maintain  LAN,  WAN, 
Network  Segment,  Internet/ 
Intranet  Systems;  Install  & 
maintain  Exchange  Servers, 
Multiplexes,  Line  Drivers, 
modems,  scanners,  D-link 
hubs,  cabling  and  other  hard¬ 
ware.  Bachelors  req'd  in 
Computers,  Engineering  +  2  yrs 
of  exp.  40  hrs/wk.  Must  have 
legal  authority  to  work  perma¬ 
nently  in  the  U.S.  Send  resume 
to  HR  Manager,  Childway/KIO 
Services  Inc.,  4058  Blackburn 
Lane,  Burtonsville,  MD  20866. 


Technical  Support  Analyst 

Experience:  Minimum  3  years 
recent  experience  in  a  similar 
position 

PCS  has  an  opening  for  a 
Technical  Support  Analyst  based 
in  Chicago,  Illinois.  The  selected 
candidate  must  have  a  minimum 
of  a  bachelors  degree  in  Elec¬ 
tronics  or  Management  Informa¬ 
tion  Systems  or  Computer  Sci¬ 
ence  or  Computer  related  field 
or  equivalent.  A  minimum  of  3 
years  of  recent  experience  in  a 
similar  position  is  required. 

Job  Description:  The  job  re¬ 
quires  the  employee  to  possess 
a  minimum  of  3  years  recent 
work  experience  in  a  similar  po¬ 
sition.  Prior  experience  with  de¬ 
signing  and  implementing  solu¬ 
tions  for  extending  systems 
management  capabilities  of  CA- 
Unicenter  TNG  for  different 
types  of  non-IT  devices  is  man¬ 
datory.  Must  possess  work  ex¬ 
perience  using  Wireless  Devices 
(Vast,  Opto22,  Ion  Networks, 
Badger  and  Nokia)  and  integra¬ 
tion  of  these  devices  with  CA- 
Unicenter  TNG.  Prior  experience 
implementing  CA-Unicenter 
TNG  and  related  suites  of  Enter¬ 
prise  Systems  Management 
products  and  software  required. 

Additional  work  responsibilities 
involve  performing  systems  sup¬ 
port,  computer  operating  sys¬ 
tems  configuration,  perform  sys¬ 
tems  support  and  configure 
TCP/IP  and  computer  networks, 
Require  prior  work  experience 
working  on  Windows,  win- 
dows2000  server,  Windows 
2000  advanced  server,  Linux, 
Novell  platform  routers,  gate¬ 
ways,  LANS/WANS  and  fire¬ 
walls.  Responsible  for  in-house 
systems  administration,  network 
management,  e-mail  manage¬ 
ment,  LAN,  VPN,  remote  access 
management  and  providing  for 
in-house  users  and  external 
clients. 

The  job  responsibility  requires 
travel  as  required.  Please  send 
your  resume  and  cover  letter  to: 
Human  Resources,  Profession¬ 
al  Consulting  Services,  Inc., 
1415  North  Dayton,  #3S, 
Chicago,  IL  60622. 
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Consultant  Systems  Analyst  will 
develop  leading  edge  testing 
methodology  to  stress  test  next 
generation  high  volume  (1+ mil¬ 
lion  users)  financial  applications 
built  on  WebLogic  middleware 
using  custom  developed 
LoadRunner  virtual  users.  Will 
deliver  application  performance 
and  system  resource  profiles  of 
all  application  components. 
Will  analyze  applications  and 
characterize  performance  of 
systems  to  identify  bottlenecks. 
Will  conceptualize  and  execute 
test  plan  for  stress,  stability,  unit 
and  load/performance  testing 
with  a  user  population  of  13  mil¬ 
lion  customers  for  both  web- 
based  and  client/server  applica¬ 
tions.  Will  assist  clients  in  vali¬ 
dating  multiple  architecture  rec¬ 
ommendations  and  in  the  selec¬ 
tion  of  a  cost-effective  solution 
that  meets  performance  and 
capacity  requirements  for 
branch  network  and  future 
capacity  projections.  Requires 
Bachelor  of  Science  or  equiva¬ 
lent  in  Computer  Science, 
Engineering,  Math,  or  Physics 
and  one  (1)  year  in  job  offered 
OR  one  (1)  year  experience  in 
systems  integration  and  perfor¬ 
mance  testing.  Candidate  must 
possess  demonstrated  exper¬ 
tise  in  high  volume  capacity 
planning,  forecasting  and  perfor¬ 
mance  testing  using  Load- 
Runner;  demonstrated  expertise 
in  performance  and  cost  analy¬ 
sis  of  web  architecture  and  net¬ 
work  configuration;  and  demon¬ 
strated  expertise  in  capacity 
planning  and  future  forecasting 
using  Interscope.  Candidate 
must  also  be  Certified  Product 
Specialist  in  the  Mercury 
Interactive  LoadRunner  tool. 
Salary:  $87,975/yr,  M-F,  9AM- 
5PM.  Send  2  resumes  to  Case 
#200203581,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  fl., 
Boston.  MA  02114.  EOE. 
Applicants  must  be  U.S.  workers 
eligible  to  accept  full-time 
employment  in  U.S. 


Software  Engineer  -  Applica¬ 
tions.  Sought  by  Englewood 
Colorado  consulting  company  to 
work  in  various  unanticipated 
locations  throughout  the  U.S. 
Duties:  Develop,  create  and 
modify  general  computer  appli¬ 
cations  software  or  specialized 
utility  programs.  Analyze  user 
needs  and  develop  software 
solutions.  Design  software  or 
customize  software  for  client  use 
with  the  aim  of  optimizing  opera¬ 
tional  efficiency.  Analyze  and 
design  databases  with  an  appli¬ 
cation  area.  Use  of  Visual  Basic, 
XML,  UML,  SQL  Server  2000, 
DB2,  SQL,  C++.  COBOL.  Reqs. 
Masters  or  equivalent  in  Com¬ 
puter  Science,  Computer  Engin¬ 
eering,  Engineering  (any  field) 
or  related  field.  Plus  1  year  in  the 
job  offered  or  1  year  in  a  related 
occupation,  including  Systems 
Analyst,  Programmer  Analyst  or 
Applications  Developer.  $73,231 
/year,  40/hrs/wk,  8AM-4PM.  Re¬ 
spond  by  resume  to  WORK¬ 
FORCE  DEVELOPMENT  PRO¬ 
GRAMS,  PO  Box  46547,  Den¬ 
ver,  CO  80202,  and  refer  to  Job 
Order  No.  CO5075643. 


PROGRAMMER  ANALYSTS 
req'd  for  Raleigh,  NC  office. 
Design  &  Develop  software 
applications  using  C,  C++,  VB, 
Delphi.  ASP,  XML,  UML, 
Coolgen,  Interwoven,  Oracle, 
PL/SQL,  Developer  2000  & 
Designer  2000;  Bachelors  or 
Equivalent  req’d  in  Computers, 
Engineering,  math  or  related 
field  of  study  +  1  yr  of  related 
exp.  40  hrs/wk.  Must  have  legal 
authority  to  work  permanently  in 
the  U.S.  Send  resume  to  HR 
Manager,  Allied  Business 
Consulting,  Inc.,  8700  W.Bryn 
Mawr,  Suite  800  South, 
Chicago,  IL  60631. 


Software  Engineer  wanted  to 
analyze  software  reqts.  &  prod¬ 
uce  functional  specification  doc¬ 
uments  &  implement  software; 
create  test  specs,  for  new  sub¬ 
systems;  analyze  &  reengineer 
software  legacy  system;  provide 
mgmnt.  w/effort  estimations  & 
implementation  trade  offs;  apply 
software  design  patterns  in  C++ 
environment,  design  software 
using  UML,  Visual  C++,  C++, 
COM/DCOM,  ATL  &  STL;  modi¬ 
fy  real  time  multi-threaded  fram¬ 
ework  adapter  to  support  COM/ 
DCOM;  design  the  interfaces 
between  different  subsystems  to 
reduce  dependency  &  boost  de¬ 
velopment  process;  develop 
COM/DCOM  code  generator  to 
generate  ActiveX  automation 
components  using  Rhapsody  & 
ATL  tech.;  optimize  software  for 
performance  &  memory,  GDI 
handles  &  other  system  resourc¬ 
es  using  Visual  Quantify,  Purify 
&  PC-Lint;  develop  configuration 
mgmnt.  adapters  for  ClearCase, 
MKS,  VSS,  PVCS  Version  man¬ 
ager,  on  Windows  &  UNIX  oper. 
systems;  assist  customers  & 
customer  support  team.  Must 
have  Bach.  deg.  in  Comp.  Sci. 
or  related  field  &  4  yrs.  software 
development  exper.,  incl.  exper. 
with  software  modeling  tech¬ 
niques  &  UML,  exper.  with  C++, 
MFC  &  COM  tech.  incl.  internals 
of  COM/DCOM  &  ActiveX  tech., 
&  exper.  w/configuration  mgmnt. 
tools  incl.  Rational/ClearCase  & 
MKS/Source  Integrity  as  well  as 
expertise  in  multi-threaded  pro¬ 
gramming  concepts  &  develop¬ 
ment.  Salary  $93,209/'yr.  Send 
2  resumes  to  Case#200204206, 
Div.  of  Career  Services,  Labor 
Certification  Unit,  19  Staniford 
St.,  1st  fl.,  Boston,  MA  02114. 


IT  PROFESSIONALS 
Consultant 

(Glen  Mills,  Pennsylvania  and 
other  locations  through  the 
U.S.).  Under  the  supervision  of 
Senior  Consultants,  Managers, 
and  Senior  Managers,  assist  in 
providing  consulting  services  for 
implementation,  testing,  devel¬ 
opment,  maintenance  and  en¬ 
hancement  of  software  pack¬ 
ages  and  applications.  Design 
software  packages.  Utilize 
Rational  Rose  to  design  system 
architecture  in  Unified  Modeling 
language  (UML).  Utilize  Rational 
ClearCase,  Rational  Clear- 
Quest,  Adobe  Photoshop, 
Adobe  Illustrator,  Micromedia 
Dreamweaver,  Micromedia 
Flash,  Microsoft  Frontpage,  Vis¬ 
ual  Interdev,  and  Homesite  to 
develop  programming  logic  and 
web  interfaces.  Conduct  quality 
assurance  testing  of  software 
applications.  Create  and  main¬ 
tain  systems  documentation. 

Salary  $60,000  per  year.  Mon- 
Fri,  9:00  am  to  5:00  pm.  The 
position  requires:  Bachelor's 
degree  or  equivalent  in  Comput¬ 
er  Science,  Engineering  (any), 
Information  Systems  or  Busin¬ 
ess  Administration  +  2  years  of 
experience  in  the  job  offered  or 
2  years  of  experience  as  a 
Systems  Analyst,  Consultant  or 
Developer.  Related  experience 
must  include  at  least  six  months 
of  experience  in  Adobe  Photo¬ 
shop,  Micromedia  Flash,  Micro¬ 
soft  Frontpage,  and  Visual 
Interdev. 

Please  send  your  resume,  refer¬ 
encing  Job  Order  Number  WEB- 
41 5747  to  the:  PA  Careerlink, 
FLC  Unit,  235  W.  Chelten  Aven¬ 
ue,  Philadelphia,  PA  19144. 
EOE. 


PROGRAMMER  ANALYSTS  for 
Charlotte,  NC  office.  Develop 
software  applications  using  VB, 
Crystal  Reports,  Delphi,  ASP, 
XML,  Coolgen,  Interwoven;  De¬ 
velop  client/server  applications 
in  Oracle,  PL/SQL,  Developer 
2000  &  Designer  2000.  Bach¬ 
elors  or  Equivalent  req'd  in 
Computers,  Engineering,  Math 
or  related  field  of  study  +1  yr  ot 
related  exp.40  hrs/wk.  Must 
have  legal  authority  to  work  per¬ 
manently  in  the  U.S.  Send 
resume  to  HR  Manager, 
Masterminds  Global  Solutions, 
LLC,  6000  Fairview  Road, 
#1200,  Charlotte,  NC  28210. 


Systems  Analyst 

Analyze,  design,  and  deploy 
customized  IT  solutions  based 
on  a  client's  needs  and  business 
environment.  Must  have  Bach¬ 
elors  Degree  or  foreign  equiv.  in 
Computer  Science  or  in  a  relat¬ 
ed  field  &  1  yr.  exp.  or  1  yr.  exp. 
in  a  related  position  w/ability  to 
use:  OS  Windows,  C#,  MDX, 
OLAP,  and  XML  and  must  be 
willing  to  travel  and  relocate. 
40.0  hrs./wk  9:00  AM  -  6:00  PM. 
Applicants  send  cover  letter 
and  resume  to: 

SRA  Systems,  1945  Cliff  Valley 
Way,  Suite  270,  Atlanta.  GA 
30329,  Attn:  S.  Srinivasan. 


Radiant  Soft  Sol,  Inc.,  a  S/ware 
Consulting  Co,  seeks  to  fill  fol¬ 
lowing  Multiple  Openings  in 
Arlington  Hts,  IL  &  unanticipated 
Iocs  in  US: 

Sr.  Software  Consultants  (BS+3 
yrs  exp),  Business/  Systems/ 
Programmer/QA  Analysts  (BS  + 
2yrs  exp.),  Database  Analysts 
(BS+3yrs  exp.),  Network  Anal¬ 
ysts  (BS+  3yrs.  exp.)  &  IT 
Managers  (BS  +  3yrs  superviso- 
ry  exp). 

Respond  by  resume  to  HR,  855 
E.  Golf  Rd,  #1125,  Arlington  Hts, 
I L  60005. 


Engineer  (New  York,  NY):  De¬ 
velop/implement  introspective  & 
self-adaptive  hardware  &  soft¬ 
ware  sys.  Design,  implement  & 
evaluate  new  program  repre¬ 
sentations.  Consult  w/  engi¬ 
neers  &  clients  to  enhance  reli¬ 
ability,  scalability  &  perfor¬ 
mance.  Design  systems  &  tech¬ 
niques  to  map  applications  on 
architectures.  Must  have  M  S. 
in  Comp.  Sci.  or  Elec.  Eng.,  plus 
1  yr.  specific  experience.  Send 
resume  to  Melanie  Peters, 
Business  Manager,  Reservoir 
Labs,  Inc.,  632  Broadway,  Suite 
803,  New  York,  NY  10012. 


Programmer  Analyst  in  NYC 
to  analyze,  dsgn,  create 
prgms  &  dvlp  s/ware  prgms  & 
systms  using  Java,  C++,  JSP, 
Oracle,  ASP,  VB  &  VBScript. 
Req.  Bach,  in  Engg,  Comp. 
Sci/equiv.  +  2  yrs  exp  in  field. 
Will  accept  any  combination 
of  ed.,  training,  exp,  which  will 
meet  min.  req.  Resp.  to 
Ganesh  International,  Rajesh 
Kalra,  12  W.  27th  St.  2nd  Fl., 
NY  NY  10001.  Fax:  212-779- 
1616  E-Mail: 

careersusa@crawtsys.com 


Quality  Eng.  wanted  by 
company  engaged  in 
graphics  and  multimedia 
technology  design,  manu¬ 
facturing  and  marketing. 
Requires  Bach,  in  CS  or 
EE  plus  3  yrs  exp.  includ¬ 
ing  min.  2  yrs.  audio/video 
software.  Reply  to  ATI 
Research,  Inc.  H.R. 
Dept.,  Attn:  K.B.,  62 
Forest  Street,  Marl¬ 
borough,  MA  01752. 


Sr.  Network  Engineer/Adminis¬ 
trator  wanted  by  macro-political 
consultancy  co.  in  NYC,  NY. 
Must  have  a  min.  of  a  Bachelor's 
degree  or  foreign  equiv.  in 
Computer  Sci.,  Engineering, 
Business  or  related  and  1  yr. 
exp.  in  job  offered  or  as  a 
Network  Administrator.  In  lieu  of 
a  Bachelor's  degree,  the  em¬ 
ployer  will  accept  an  equivalent 
combination  of  formal  university 
education  and  work  experience 
in  network  administration.  Send 
resume  to  Catherine  Vitale  @ 
Medley  Global  Advisors,  LLC, 
451  Greenwich  St.  6th  FL,  NYC, 
NY  10013. 


Prog.  Analysts  to  analyze, 
design/develop  s/w  appls  using 
Java,  JavaScript,  VBScript, 
ASP,  HTML,  Weblogic,  Oracle. 
SQL,  COBOL,  DB2,  CICS  un¬ 
der  Windows,  UNIX  &  MVS  OS; 
perform  unit,  functional,  integra¬ 
tion,  regression  and  systems 
level  testing:  analyze  user  reqs, 
prepare  design  documents;  de¬ 
velop  &  enhance  online  &  batch 
programs;  implement,  install, 
test,  debug  and  modify  new / 
existing  appls.  Require:  BS  or 
foreign  equiv.  in  CS/Engg.  (any 
branch)  &  2  yrs  exp.  in  IT. 
Travel  involved.  High  Salary. 
F/T.  Resumes  to:  HR,  Global  IT 
Solutions  USI,  Inc.,  600 
Stevens  Port  Drive,  Ste  125, 
Dakota  Dunes,  SD  57049. 


Sales  Eng'g.  -  Present  & 
sell  comm.  &  recording 
equip,  to  clients.  Req'd: 
10  yrs.  exp.  in  job  or 
software,  sys.,  or  test 
eng'g  job  &  exp.  w/  LAN/ 
WAN,  Windows  NT,  CTI, 
CRM  and  PSAP.  Res¬ 
umes:  NICE  Systems, 
Inc.,  301  Route  17 
North,  10th  Floor,  Ruth¬ 
erford,  NJ  07070.  Attn: 
G.  Farese. 


Programmer  Analysts  to  ana¬ 
lyze,  design,  develop  appls  us¬ 
ing:  C,  VB,  JavaScript,  HTML/ 
DHTML,  EJB,  JSP,  ASP,  Servlet, 
UML,  Oracle,  SQL  under  Win¬ 
dows  OS;  perform  initial  study  of 
req  and  provide  feedback;  pro¬ 
vide  on  site  maintenance  sup¬ 
port,  debug,  modify,  fine  tune 
and  perform  code  optimization. 
Require:  BS  or  foreign  equiv.  in 
CS/Engg.(any  branch)  &  2  yrs  of 
exp.  in  IT.  High  Salary.  Travel 
Involved.  F/T.  Positions  avail¬ 
able  in  Elgin,  IL  and  Lower 
Gwynedd,  PA.  Resume  to:  HR, 
Fourth  Technologies,  Inc.,  1108 
N.  Bethlehem  Pike,  Suite  8, 
Lower  Gwynedd,  PA  19002. 
Specify  location  desired  on 
resume. 


Programmer  Analysts 
(multiple  positions) 
sought  by  a  New 
Jersey-based  s/ware 
consulting  firm.  Must 
have  Bach  in  Comp 
Sci.,  Engg  or  equiv 
and  one  yr  relevant 
exp.  Respond  to:  HR 
Dept.,  AK  Systems, 
Inc.,  100  Metroplex 
Drive,  Suite  303, 
Edison,  NJ  08817. 


Programmer  Analyst  need¬ 
ed  w/exp  to  analyze, 
design,  develop,  test  & 
implement  interfaces  &  cus¬ 
tom  solutions  using  C, 
Pro*C,  PL/SQL,  Oracle 
Forms  &  Reports,  Oracle 
Clinical  &  Documentum  on 
Windows.  Send  resumes 
to:  Soft  Tech  Source  - 
Ramesh  Sarva  CPA,  P.C. 
16  Murray  Guard  Dr., 
Jackson,  TN  38305. 


Information 
Overload  ? 
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Database  Developer 

Develop,  test  and  maintain  web- 
based  database  applications 
using  SQL  server  2000,  Access 
97/2000,  VB  6.0,  SQL, 
JavaScript,  .NET,  C/C++  and 
Crystal  Reports.  Req.  Master’s 
degree  in  Comp.  Sci.  or  closely 
related  field  &  proficiency  in 
SQL,  .Net,  VB6  and  Crystal 
Report.  40  hrs/wk.  Send  resume 
/w  cover  letter  to  Cindy  Dyer, 
Global  Vision  Technologies,  Inc. 
900  Rutger,  St.  Louis,  MO 
63104.  Fax:  (314)  436-9245. 
Ref.  Code:  mowz. 


Tietronix  Software,  Inc. 

(Houston,  TX)  is  seeking  Soft¬ 
ware  Developer.  1  yr.  exp.  in 
using  UML,  J2EE,  Oracle, 
SQL  Server,  XML,  Bourne,  C 
Shell  Scripting,  Rational  Rose. 
Netbeans,  Visual  Cafe,  Quan¬ 
tify  &  Purify  on  Windows,  & 
Solaris.  Send  resume  to  1331 
Gemini  Ave.,  #300,  Houston, 
TX  77058,  Attn:  HR,  or  email 
to  info@tietronix.com. 

ClickFind,  Inc.  (Bryan,  TX)  is 
seeking  Computer  Program¬ 
mer  for  medical  contract  re¬ 
search  industry.  1  yr.  related 
exp.  Send  resume  to  110 
North  Main  Street,  Bryan,  TX 
77803.  Attn:  Jennifer  Fox. 


Computer  Information  Supp¬ 
ort  Specialist:  wanted  by  trav¬ 
el  management  marketing 
firm  in  Miami,  FL.  Applicants 
must  investigate  computer 
software  and  hardware  prob¬ 
lems  of  users.  Applicant  must 
have  a  Bachelors  of  Science 
in  Computer  Engineering  and 
1  yr.  of  exp.  in  the  field.  Mail 
resumes  only  to  4950  SW 
72nd  Avenue,  2nd  Floor, 
Miami,  FL  33155.  Attention: 
Tammy  Gonzalez. 


Dynamic  Systems,  Inc. 
Programmer/Systems 
Analyst/Business  Analyst 
For  Lansdale,  PA  or 
North  Brunswick,  NJ 
Internet  Java,  JSP.EJB,  Web¬ 
Sphere,  WebLogic, Perl/CGI,  VB, 
ASP,C##,  ASP.NET  Or  VB.NET. 
Admin:AIX,HP-UX,  Solaris, Un¬ 
ix, Oracle,  Sybase,  DB2,  Informix 
or  SQL  Server.  Skills:RDBMS, 
Unix, VC++.C, C++, AS/400, RPG. 
IBM  MF  Cobol,  DB2,Clintrial, 
Oracle  Clinical  Or  SAS. 
iob@dvnamicsvstems-inc.com 

525  Milltown  Rd,  #107,  N.  Brun¬ 
swick,  NJ  08902;  650  N  Cannon 
Ave,  Lansdale,  PA  19446. 
Phone:  732-246-2297;  Fax:732- 
246-3362. 

www.dvnamicsvstems-inc.com 


VP,  Research  &  Development 
Lead  the  vision  &  technology 
innovation  effort  incl.  research  & 
development  of  new  products; 
product  development  support, 
budgeting/scheduling;  quality 
assurance  &  shipping;  specify 
engineering  requirements;  man¬ 
age  Research,  Development, 
Product  Mgmt.,  Quality  Ass¬ 
urance  &  Tech.  Support  teams; 
spokesperson  for  tech,  matters; 
prepare  reports  &  implement 
policies  communicated  by  the 
Board  &  Exec.  Mgmt.  Req.  PhD 
in  Elec.  Eng.  or  related  &  2  yrs 
exp.  in  job  or  2  yrs.  exp.  as  VP 
Engineering.  Resume  to  HR, 
Netuitive  12700  Sunrise  Valley 
Dr..  Reston,  VA  20191.  No 
calls  please. 


TEES  Information  System 

(College  Station,  TX):  is  seek¬ 
ing  Systems  Analyst.  B.S.  in 
Computer  Science  with  3  mon. 
related  exp.  using  AppleScript, 
Appletalk,  and  MAC  OS.  Send 
resume  to  3579  TAMU,  College 
Station,  TX  77843.  Attn: 
Catherine  Yancy. 

Pro-Tern,  Inc.  (League  City, 
TX)  is  seeking  Application 
Developer/Analyst.  1  yr.  exp.  in 
using  VB,  MFC,  Oracle,  data 
sampling,  embedded  coding, 
and  dosimetry  computation. 
Send  resume  to  2525  South 
Shore  Blvd.,  #401,  League 
City,  TX  77573.  email: 
human.resource@pti-sys.com. 
Attn:  Human  Resources. 


Programmer  (Roswell,  GA): 
Analyze,  dsgn,  test  &  maintain 
GUIs;  dvlp  Telephony,  Internet  & 
telecommunications  Database 
Systems  using  Visual  C++, 
Green  Leaf.  Dialogic  SDK,  etc. 
Req.  B.  Sc.  in  C.S.  or  its  foreign 
degree  equiv.  No  exp  req  but 
must  demo  ability  to  perform  job 
through  at  least  course/or  pro¬ 
ject  work  w /  Visual  C++  &  Green 
Leaf.  Resume  w /  transcript  to 
President,  New  Century 
Telecom  Inc.  8180  Greensboro 
Dr.  #700,  McLean,  VA  22102 


A  Fairfax,  VA  based  Company 
seeking  qualified  Programmers/ 
Analysts/Software  Engineers/IT 
Project  Managers  poss.  MS/BS 
or  equiv  and/or  relevant  work 
experience.  Duties  incl..  working 
with  at  least  3  of  the  following: 
Java,  Java  Servlets,  Oracle. 
Versata,  HTML,  XML,  Java 
Script,  Websphere,  Rational 
Rose,  PowerBuilder  FoxPro  and 
SQL  Server.  Send  res.  refs,  and 
sal.  req.  to:  Prescient  Infotech 
Inc.,  11130  Main  Street,  Suite 
100  El,  Fairfax,  VA  22030. 


Vayusa  Inc.,  a  pioneering 
mobile  payment  and  loyalty 
systems  developer,  seeks 
an  Information  Systems 
Director  to  lead  its  technolo¬ 
gy  development  and  strate¬ 
gy.  Must  have  MS  in  Comp. 
Sci.  or  related  field  &  3yrs 
exp.  To  apply  send  resume 
to:  Patrick  Binkley,  VP 
Engineering,  Vayusa  Inc., 
61  Chapel  St.  Newton,  MA 
02458. 


Technosol  Technologies,  LLC.,: 
Systems  Analysts:  Architect  & 
Test  Multi-Tier  Enterprise  Ap¬ 
plications  using  VB.NET,  XML, 
Web  Services,  PB,  C++,  UML. 
Rational  Rose,  J2EE,  Jaguar 
CTS  and  EAI  technologies 
using  database  in  Oracle, 
Sybase  and  SQL  Server.  Req. 
Degree  in  Comp.  Science  or 
related  field,  2  yrs  exp.  Send 
resume  to:  2606  Peninsulas  Dr. 
Missouri  City,  TX  77459  or 
email: 

technosol@technosoltech.com 


Multimedia  Web  Developer. 
Consults  w /  design,  technical, 
&  marketing  staff  to  plan  web 
site  dev.  Develops  graphic  & 
technical  architecture  of  web 
sites  including  database 
design  &  user  interface 
design.  Req  Bach.  in 
Advertising  or  Related  Field  & 
1  yr.  of  exp.  in  job  or  1  yr.  of 
exp.  as  a  Graphic  Designer/ 
Visualizer.  Send  Resume: 
Steven  Cohen,  Tempart,  Inc., 
412  SE  13th  St„  Fort 
Lauderdale,  FL  33316  (job- 
site). 


Programmer  Analyst.  Design 
&  Develop  S/W  to  computer¬ 
ize  the  payroll  on  DOS,  Win 
95,  98  &  NT,  w/the  use  of 
PL/SQL,  ASP3.0,  SQL  Ser¬ 
ver  7.0,  HTML,  DHTML. 
Visual  Interdev,  Frontpage, 
VB,  Java  Script  &  VB  Script. 
Req:  BS  in  Comp.  Sci/Comp. 
Eng/Electrical  Eng.  40  hrs / 
wk.  Job/Interview  Site:  Lake 
Havasu  City,  AZ.  Send 
Resume  to  Desert  Payroll 
Services  Inc.  @  P.O.  Box 
3058,  Lake  Havasu,  AZ 
86405-3058. 


Multiple  Positions;  8a-5p; 
40hrs/wk 

(A)  Programmer  Analyst: 
Analyze,  dvlp,  implmt,  prgm 
using  C,  C++,  Perl,  Oracle  DB2, 
UNIX  &  systms  analysis  &  dsgn 
method. 

(B)  Tech  Supp  Spec:  Analyze 
project;  assign  &  coord  work; 
review,  test  prgm  for  compatibili¬ 
ty;  perform  web  hosting;  trou¬ 
bleshoot,  debug  &  provide  tech 
support/updates  using  Java, 
J2EE,  EJB,  Perl,  Oracle, 
ObjectStore,  WebLogic,  UNIX. 

(C)  Technical  Supp  Spec: 
Analyze  project;  assign  &  coord 
work;  review,  test  prgm  for  com¬ 
patibility;  perform  web  hosting; 
troubleshoot,  debug  &  provide 
tech  support/updates  using 
Visual  Studio.NET,  ASP.NET, 
ADO.NET,  C  Sharp.  Visual 
Source  Safe,  Oracle,  Crystal 
Reports.NET 

Must  have  1  yr  exp  in  job  offd  or 
as  IT  professional  using  comp 
skills  listed  for  position  AND 
Bach  or  equiv  in  Comp 
Sci/Engg;  Electrical,  Electronics, 
Mech  or  related  Engg;  Info  Tech, 
Mgmt  Info  Systms,  Commerce, 
Bus  Admin/Mgmt  or  related  field. 
Send  resume  (indicating  job 
applying  for)  to  Concept  S  &  S, 
Inc.,  109  E.  17th  St„  Ste  #12. 
Cheyenne,  WY  82001 . 


Infogen  is  seeking  IT  profession¬ 
als  to  design  applications  for 
clients  using  Orade9i,  Weblogic 
/  WebSphere,  C++,  Visual  C++, 
VB,  COM,  STL,  MTS,  MSMQ, 
ASP,  Java,  HTML,  XML,  MTS, 
MSMQ,  ADO,  UML.  Min  BS, 
travel  is  required.  Send  resume 
to  infoiobs@infoaeninc.com. 
EOE 

Leapers,  a  fast  growing  interna¬ 
tional  trade  company,  looks  for 
System  Analyst,  DBA  to  design 
and  maintain  customer  manage¬ 
ment  system  (CMS),  warehouse 
management  system  (WMS), 
supply  chain  management  sys¬ 
tem  (SCM),  back  order/stage 
order  management  system 
(BKM).  BS  &  exp  required.  EOE. 


Senior  Engineer  (Portland,  OR): 
Develop  &  implement  introspec¬ 
tive  &  self-adaptive  hardware  & 
software  sys.  Design,  imple¬ 
ment,  &  evaluate  new  program 
representations.  Consult  w  / 
teams  &  clients  to  enhance  reli¬ 
ability,  scalability  &  performance 
of  advanced  computer  system. 
Supervise  project  team  &  engi¬ 
neers  to  devise  solutions.  Min. 
req's:  Ph.D.  in  Comp.  Sci.  or 
Elec.  Eng.  Plus  1  yr.  specialized 
experience.  Send  resume  to 
Melanie  Peters,  Business  Man¬ 
ager,  Reservoir  Labs,  Inc.,  632 
Broadway,  Suite  803,  New  York, 
NY  10012. 


Senior  Consultant 

(Glen  Mills,  PA  and  other  com¬ 
pany  +  client  locations  through¬ 
out  the  United  States)  Respon¬ 
sible  for  Merger  and  Acquisition 
(M&A)  integration  implementa¬ 
tion  in  the  High  Technology  and 
Consumer  Retail  Industries.  Re¬ 
sponsible  for  supply  chain  pro¬ 
cess  design  in  the  Manufactur¬ 
ing  Industry.  Responsible  for  the 
implementation  of  SAP  R/3  Vari¬ 
ant  Configuration.  Responsible 
for  implementation  of  Oracle 
Financial  Suite.  Responsible  for 
design  of  web-based  Knowledge 
Management  tools  and  design 
and  implementation  utilizing 
Microsoft  Access  based  supply 
chain  tools. 

Salary:  $105, 000/year.  Work 
schedule  is  M-F  9am-5pm.  Posi¬ 
tion  requires:  Bachelor’s  degree 
or  equivalent  in  Computer  Sci¬ 
ence,  Math,  Business  Adminis¬ 
tration,  Engineering  or  Info  Sys¬ 
tems  plus  3  years  experience  in 
the  job  offered  in  related  occu¬ 
pation  of  Senior  Consultant, 
Consultant,  Associate,  Program¬ 
mer,  Analyst,  or  Management 
Analyst.  Experience  in  offered 
position  or  related  occupation 
must  include  at  least  2  years  of 
experience  with  SAP  R/3  Variant 
Configuration,  Oracle  Financial 
Suite,  Microsoft  Access,  and 
M&A  integration. 

Please  send  your  resume,  refer¬ 
encing  Job  Order  Number  WEB 
415770  to:  PA  CareerLink,  FLC 
Unit,  235  W.  Chelten  Ave., 
Philadelphia.  PA  19144.  EOE. 


Graphic  Designer.  Design  & 
edit  graphics  in  consultation 
w/production  personnel  based 
on  appearance,  design-func¬ 
tion  relationship,  budget,  price, 
costs  &  client  specification. 
Build  simulated  graphic  mod¬ 
els  using  Photoshop,  Illustra¬ 
tor,  &  Quark.  Req:  Bachelor  of 
Fine  Arts  in  Graphic  Design. 
40hrs/wk.  Job/Interview  Site: 
Laguna  Niguel,  CA  92677. 
Send  resume  to  Chapman 
Walters  Intercoastal  Corp.  @ 
P.O.  Box  7242,  Laguna  Niguel, 
CA  92607. 


System  Analyst.  Design,  devel¬ 
op.  test,  code,  implement  and 
maintain  computer  systems  and 
perform  programming  to  meet 
project  requirements  for  Risk 
Management  Department;  de¬ 
sign  and  develop  ETL  process  to 
upload  data  from  OLTP  system 
to  Star  Schema;  develop  inter¬ 
face  process  to  transfer  data 
between  Loan  Servicing  and 
FACS;  use  Oracle  7.x,  8.05,  SQL 
Server,  Crystal  Reports.  Require 
3-yr  college  &  2-yr  exp  as 
Programmer  or  IT  Consultant. 
Related  exp  must  include  using 
Oracle  7.x,  8.05,  SQL  Server, 
Crystal  Reports.  40hrs/wk,  8- 
5pm,  $72k/yr.  Send  resumes  to 
PO  Box  11170,  Detroit,  Ml 
48202,  reference  #  230072. 
Employer  paid  Ad. 


Software  Enaineers:Consultants 
needed  for  database  program¬ 
ming,  Internet  programming  or 
Systems  side  programming. 
Will  help  clients  design,  develop, 
program,  and  test  software  im¬ 
plemented  on  client  server  tech¬ 
nology.  The  main  technologies 
involved  are  databases  (Oracle), 
datawarehousing  tools  (Busin¬ 
ess  objects,  Informatica,  Cog- 
nos),  and  Internet  programming 
languages  (Java,  JDBC)  or  Sys¬ 
tem  programming  languages  (C 
and  C++).  Must  have  5  yrs.  exp. 
as  software  engineer  or  in  a 
related  field. 

Unix  Administrators:Consultants 
also  needed  for  network  imple¬ 
mentation  and  administration, 
system  integration,  backup,  and 
recoveries,  shell  scripting  and 
system  securities.  Knowledge 
of  management  of  enterprise 
network  storages  devices  (SAN 
and  NAS),  HP  and  Solaris 
Serves,  Swithches,  HUBs  and  in 
Veritas  NebBackup  Systems.  5 
yrs.  experience  as  Unix  Sys¬ 
tems  Administrator  or  related 
field. 

Rea,  for  both  positions:  Clients 
are  located  in  9  states.  Candi¬ 
dates  must  be  willing  to  move 
from  location  to  location  for 
assignment  durations  that  varies 
from  3  mos.  to  year.  Email  CV 
to  rtroff@tnscinc.com.  Rona 
Troff,  HR  Mgr  of  TechNation 
Software  Consulting,  Inc.,  or 
mail  to  300  N.  Dakota  Avenue, 
#505B,  Sioux  Falls,  SD  57104. 


DatamanUSA,  LLC,  a  Software 
Consulting  Co.  seeks  qualified 
IT  Professionals  for  dsgn, 
dvlpmt,  testing  &  implmtn  of 
s/ware  &  database  systms.  B.S. 
in  Comp  Sci,  Eng.,  a  related  field 
or  equiv  w/3  yrs.  exp.  Applicants 
must  be  willing  to  relocate/travel 
to  various  unanticipated  Iocs 
throughout  US.  Mail  resume  to 
Attn.  HR,  31 5A  West  Lincoln 
Way.  Ste  15,  Cheyenne,  WY 
82001  or  email  to 
jobs_wy@DatamanUSA.com. 


SurajSoft  Inc.  is  hir¬ 
ing  System  Admin 
Managers.  Send 
resume  to  304 
Town  and  Country 
Village  Sunnyvale 
CA 94086.  Maybe 
placed  at  client 
sites  nationwide. 


IT  Education  &  Training  Directory 


Contact  the  companies  listed  below 
to  help  you  with  your  training  needs! 


IPexpert,  Inc. 

(866)  225-8064 

www.ipexpert.com 

CCIE  (R&S,  SEC,  and  C&S),  CCSP, 

CCNP,  CCNA,  IP  Telephony 


CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
www.cbtnuggets.com 
Affordable  training  videos  on  CD 
MCSE,  MCDBA,  MCSD,  CCNA, 
Citrix,  Linux,  A+,  Net  + 
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Need  two  Programmer/Ana- 
lyst(s)  to  analyze,  design,  devel¬ 
op,  test,  implement,  maintain 
and  support  application  software 
in  a  multi-platform  environment 
(Unix/Windows/Sun  Solaris)  on 
a  large  scale  client/server  and 
web-based  systems  using  C++, 
C,  Java,  JSP,  PERL,  HTML,  Vis¬ 
ual  Basic,  PowerBuilder,  Oracle, 
Business  Objects,  CORBA, 
RMI,  TCP/IP  Socket  program¬ 
ming,  Netscape  Application  Ser¬ 
ver,  Netscape  Application  Build¬ 
er,  Weblogic,  Require  Bachelor's 
degree  or  equivalent  with  4 
years  of  relevant  experience. 
Extensive  travel  on  assignments 
to  various  client  sites  within  US 
is  required.  Competitive  salary 
offered.  Apply  by  resume  to  Ravi 
Kandimalla,  Everest  Computers, 
Inc.,  875  Old  Roswell  Road, 
Suite  E  400,  Roswell,  GA  30076. 
Attn:  JobGR. 


Multiple  openings  for  software 
engineer  to  design,  develop  and 
test  computer  programs  for  busi¬ 
ness  applications;  analyze  soft¬ 
ware  requirements  to  determine 
feasibility  of  design;  direct  soft¬ 
ware  system  testing  procedures 
using  expertise  in  ASP.NET, 
SQL  Server  2000,  T-SQL,  XML 
and  VSS.  Requirements;  Bach¬ 
elor's  Degree  or  equivalent  in 
Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge  of 
ASP.NET,  SQL  Server  2000,  T- 
SQL,  XML  and  VSS.  Salary: 
$70, 242/year.  Working  Condi¬ 
tions:  8:00  A.M.  to  5:00  P.M.,  40 
hours/week,  involves  extensive 
travel  and  frequent  relocation. 
Apply:  Site  Administrator, 

Greene  County  CareerLink,  4 
West  High  Street,  Waynesburg, 
PA  15370,  Job  No.  WEB416004. 


Computer 

Household  International, 
headquartered  in  Prospect 
Heights,  IL,  has  an  opening 
for  a  Consultant  Business 
Systems  working  in  the 
USA. 

We  offer  competitive  com¬ 
pensation  and  benefits. 
Please  fax  resume  to  831- 
755-6528,  Attn:  Job  Code 
PHCBS. 

EOE  M/F/D/V 


Need  two  Programmer/Ana- 
lyst(s)  responsible  for  People- 
Soft  Financials  full  cycle  imple¬ 
mentations,  development,  sup¬ 
port,  customizations,  interfaces, 
legacy  system  conversion  and 
reporting  tools  in  an  Oracle/Unix 
environment.  Require  Bachel¬ 
or's  degree  or  equivalent  with  5 
years  of  relevant  experience. 
Extensive  travel  on  assignments 
to  various  client  sites  within  US 
is  required.  Competitive  salary 
offered.  Apply  by  resume  to  Ravi 
Kandimalla,  Everest  Computers, 
Inc.,  875  Old  Roswell  Road, 
Suite  E  400,  Roswell,  GA  30076. 
Attn:  JobKR. 


Sr.  Software  Engineer  (with 
Bachelors  degree  and  5  years 
experience)  -  Job  entails  and 
requires  experience  in  team 
management  and  design  and 
development  of  applications 
including  financial/banking 
applications  using  Oracle, 
DB2,  FoxPro,  C,  C++,  ProC, 
JSP  and  EJB.  Relocation 
within  USA  Possible.  Attrac¬ 
tive  compensation  package. 
Send  resume  to  Sally 
Ronquillo,  Cybernet  Software 
Systems  Inc.,  3031  Tisch 
Way,  Suite  1002,  San  Jose, 
CA  95128. 


Resource  Assistance  has  oppor¬ 
tunities  for  Programmers, 
Programmer  Analysts,  Systems 
Analysts,  Software  Engineers, 
DBA's  and  Software  Consultants 
with  three  or  more  of  the  follow¬ 
ing  skills: 

Java,  Shell  Scripts,  SAS,  PLC, 
Textra,  XML,  SQL,  DB2, 
mqPCX,  Oracle,  PowerBuilder, 
Rational  Rose,  Sybase,  Perl, 
VBScript,  Visual  Basic,  SQL, 
Crystal  Reports  &  IIS. 

BS  or  MS  depending  on  posi¬ 
tion.  1  or  2  yrs  exp  reqd. 
depending  on  position  We  also 
accept  the  foreign  edu.  equiv.  of 
the  degree,  or  any  suitable 
comb  of  edu.,  training  or  exp. 
Frequent  travel  and  relocation. 
Positions  avail  in  NJ  &  IL.  Send 
confidential  resume  and  salary 
requirements  to:  Resource 
Assistance,  Inc.,  230  North 
Avenue  West,  Westfield,  NJ 
07091. 


Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements  to 
determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
Developer  2000,  Oracle  9i,  PL/ 
SQL,  Forms  6i  and  SQL*Loader. 
Requirements:  Bachelor's  De¬ 
gree  or  equivalent  (from  an  ac¬ 
credited  or  unaccredited  univer¬ 
sity)  in  Computer  Science  or 
related  field  and  two  years  expe¬ 
rience  as  a  software  engineer  or 
computer  programmer,  knowl¬ 
edge  of  Developer  2000,  Oracle 
9i,  PL/SQL,  Forms  6i  and  SQL*- 
Loader.  Salary:  $70, 242/year. 
Working  Conditions:  8:00  A.M.  to 
5:00  P.M.,  40  hours/week,  in¬ 
volves  extensive  travel  and  fre¬ 
quent  relocation.  Apply:  Mana¬ 
ger,  Butler  County  CareerLink, 
Pullman  Commerce  Center,  112 
Hollywood  Drive,  Suite  101, 
Butler,  PA  16001,  Job  No. 
WEB416023. 


Software  engineer  to  design,  de¬ 
velop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  de¬ 
sign;  direct  software  system 
testing  procedures  using  exper¬ 
tise  in  VB.NET,  C#,  PVCS, 
SourceSafe,  SQL,  Sybase  and 
MTS.  Requirements:  Bachelor's 
Degree  or  equivalent  in  Com¬ 
puter  Science  or  related  field 
and  two  years  experience  as  a 
software  engineer  or  computer 
programmer,  knowledge  of 
VB.NET,  C#,  PVCS,  Source¬ 
Safe,  SQL,  Sybase  and  MTS. 
Salary:  $70, 242/year.  Working 
Conditions:  8:00  A.M.  to  5:00 
P.M.,  40  hours/week,  involves 
extensive  travel  and  frequent 
relocation.  Apply:  Mon  Valley 
Regional  CareerLink,  Attn:  Actg. 
CL  Program  Supervisor,  Donora 
Industrial  Park,  570  Galiffa 
Drive,  Donora,  PA  15033,  Job 
No.  WEB415970. 


Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  de¬ 
sign;  direct  software  system 
testing  procedures  using  exper¬ 
tise  in  VB.NET,  COM,  XML, 
XSL,  SQL,  DHTML  and  XPath. 
Requirements:  Bachelor's  De¬ 
gree  or  equivalent  in  Computer 
Science  or  related  field  and  two 
years  experience  as  a  software 
engineer  or  computer  program¬ 
mer,  knowledge  of  VB.NET, 
COM,  XML,  XSL,  SQL,  DHTML 
and  XPath.  Salary:  $70,242/ 
year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours 
week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Site  Manager,  Armstrong  County 
CareerLink,  1270  North  Water 
Street,  PO  Box  759,  Kittanning, 
PA  16201 .  Job  No.  WEB4 15966. 


SOFTWARE  ENGINEER  to  des¬ 
ign,  develop  and  implement  web- 
based  application  software  and 
databases  using  Java,  J2EE, 
JMS,  Java  Mail  API,  EJB,  JNI. 
JDBC,  XML,  JavaScript,  Web¬ 
logic,  WebSphere,  Struts,  Ant, 
log4j,  MS  SQL  Server,  UML, 
OOAD,  Rational  Rose,  MS 
Access  and  MS  Visio  on  Win¬ 
dows  XP/2000,  Linux  and  UNIX 
platforms;  Test  applications  man¬ 
ually  and  automatically  using 
WinRunner  and  LoadRunner. 
Require:  M.S.  degree  in  Comput¬ 
er  Science/Engineering,  Mathe¬ 
matics,  or  a  closely  related  field 
with  2  yrs.  of  exp  in  the  job  of¬ 
fered  or  as  a  Systems  Analyst. 
Extensive  travel  on  assignments 
to  various  client  sites  within  the 
U.S.  is  required.  Competitive 
salary  offered.  Apply  by  resume 
to:  Sophie  Mookerji,  Software 
Paradigms  International,  Inc., 
3901  Roswell  Rd,  Ste  134, 
Marietta,  GA  30062;  Attn:  Job 
SG. 


SENIOR  SOFTWARE  ENGIN¬ 
EER  to  design,  develop  and  test 
application  software  using  C, 
C++,  COBOL,  Shell  Scripting, 
Perl,  VC++,  Java,  XML,  XSLT, 
Novell  eDirectory,  Novell  Dir- 
XML,  Oblix  NetPoint,  IBM  MQ- 
Series,  BEA's  Tuxedo  Trans¬ 
action  Manager,  Oracle,  Oracle 
XSU,  Rational  Rose  and  Clear- 
case  under  SUN  Solaris  and 
HP-UX  operating  systems;  Men¬ 
tor  junior  programmers  and  en¬ 
gineers.  Require:  B.S.  Computer 
Science,  an  Engineering  disci¬ 
pline,  or  a  closely  related  field 
with  5  yrs  of  progressively  res¬ 
ponsible  exp  in  the  job  offered  or 
as  a  Systems  Engineer  or  Pro¬ 
grammer.  Extensive  travel  on 
assignment  to  various  client 
sites  within  the  U.S.  is  required. 
Competitive  salary  offered.  Ap¬ 
ply  by  resume  to:  Kondaia  R. 
Maddala,  Apkon  Systems,  Inc., 
1366  Valmont  Trace,  Marietta, 
GA  30066;  Attn:  Job  NH. 


Software  engineer  to  design,  de¬ 
velop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  de¬ 
sign;  direct  software  system 
testing  procedures  using  exper¬ 
tise  in  Sybase,  Oracle,  Web- 
Logic  and  Visual  Studio  .NET. 
Requirements:  Bachelor's  De¬ 
gree  or  equivalent  in  Computer 
Science  or  related  field  and  two 
years  experience  as  a  software 
engineer  or  computer  program¬ 
mer,  knowledge  of  Sybase, 
Oracle,  WebLogic  and  Visual 
Studio  .NET.  Salary;:  $70,242/ 
year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours/ 
week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
BECS/CareerLink  Program  Sup¬ 
ervisor,  Indiana  County  Career- 
Link,  300  Indian  Springs  Road, 
Indiana,  PA  15701,  Job  No. 
WEB415974. 


NETWORK  SYSTEMS  ENGI¬ 
NEER  to  administer,  design, 
install,  configure,  maintain  and 
trouble-shoot  LAN/WAN  under 
Windows  and  Linux  operating 
systems;  Responsible  for  net¬ 
work  performance,  hardware 
optimization  and  client/server 
performance  tuning;  Assign  IP 
addresses,  install  and  configure 
software,  client  machines  and 
peripherals  to  the  network;  De¬ 
sign  and  implement  protocols, 
topologies,  passive  hubs,  swit¬ 
ches,  and  other  network  related 
technology.  Require:  B.S.  de¬ 
gree  in  Computer  Science,  Info 
Technology,  or  a  closely  related 
field  with  1  yr  of  exp  in  the  job 
offered  or  as  a  Systems  Admin¬ 
istrator,  or  Computer  Systems 
Engineer.  Competitive  salary 
offered.  Apply  by  resume  to: 
Eduardo  Santos,  Noble  Systems 
Corporation,  4151  Ashford 
Dunwoody  Road,  Suite  550, 
Atlanta,  GA  30319;  Attn:  Job  PF. 
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Sr.  Application  Programmer  - 
Migrate  MS  SQL  6.5  &  ACCESS 
database  to  MS  SQL  7/2000. 
Convert  &  reprogram  current 
FORTH  &  ACCESS  front  end 
applications  to  Visual  Basic  6.0. 
Migrate  DOS  flat  file  database  to 
MS  Database  Engine  format. 
Design  &  develop  reports,  MS 
Word  &  Excel  merge  templates 
for  MS  SQL  database.  Design  & 
test  user  installation  programs 
including  various  Windows  envi¬ 
ronment.  BS  in  Computer  or 
related  field  +  2  yrs.  as  Pro¬ 
grammer  utilizing  MS  SQL6.5  & 
Visual  Basic.  Attn:  Stella  Chang, 
OMTI,  2901  Wilcrest  Dr.,  Suite 
211,  Houston,  TX  77042,  Email: 
employment@omti.com. 


Cressanda  Solutions  Inc.  has 
openings  for  Programmer 
Analysts  for  Iocs  in  PA  &  else¬ 
where  w/at  least  1  yr  exp  in  any 
of  following  skills:  AutoCAD,  C, 
C++,  Visual  C++,  ActiveX,  MS 
Access,  COM,  Oracle, 
Developer  2000,  VB,  ASP, 
HTML,  JavaScript,  IIS,  Crystal 
Reports  &  SQL  Server.  Some 
positions  req  Bach  in  Comp.  Sci. 
or  Engg.  &  some  req.  at  least  4 
yrs.  exp  in  IT  field.  Must  have 
legal  auth  to  work  in  US. 
Excellent  pay  &  benefits.  Mail 
resume  w/proof  of  work  status 
to:  hrus@cressanda.com 


itcareers.com 

can  solve  the 
labyrinth  of 
job  hunting  by 
matching  the 
right  IT  skills 
with  the  right 
IT  position. 
Find  out  more 

at: 

www.itcareers.com 
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Computerworld 


lJrchpft 

PROSOFT  TECHNOLOGY 

GROUP,  INC.  has  immediate,  full¬ 
time  multiple  opportunities  for 
experienced  Programmers, 

Programmer  Analysts,  Systems 
Analysts,  System  Administrator 
and  Database  Administrators  with 
a  BS  or  MS  depending  on  position 
and  minimum  of  one  year  experi¬ 
ence  in  any  of  the  following  skills: 

EAI/B2B  Integration, 
webMethods  (Integration 
Server,  Broker,  Mainframe 
Integration  Server,  WorkFlow) 

SAP  R/3  Functional  Modules, 
ABAP/4,  Basis,  BW,  EBP/SRM, 
APO,  SEM,  CRM,  SAP 
Business  One,  SAP  Portals  and 
SAP  Net  Weaver 

J2EE  Technologies,  Web  Logic, 
Web  Sphere  and  iPlanet,  XML, 
Web  services  frame  work 
(SOAP),  WSDL,  UDDI, 

Microsoft  .Net  or  SeeBeyond 
5.x 

Peoplesoft  and  Oracle  - 
Applications 

Database  Administration  - 
Oracle  and  SQL 

Enterprise  Reporting-  Actuate, 
Crystal  Reports  and  Data 
Warehousing 

We  also  accept  the  foreign  edu. 
equiv.  All  positions  require  fre¬ 
quent  travel  and  relocation 
throughout  the  U  S.  Send  confi¬ 
dential  r6sum6  and  salary  require¬ 
ments  to  Ref  #  Pete  -  2004  Attn; 
HR  Manager,  Prosoft  Technology 
Group,  Inc.,  2001  Butterfield 
Road,  Suite  1050  Downers  Grove, 
IL  60515. 

Visit  our  website  at: 
www.prosoftgroup.com. 


Consultant  (Multiple  positions). 
Req.  Bach  's  degree  or  higher  in 
CS,  Eng.,  or  rel.  field  (or  equiv. 
foreign  educ.)  &  3  yrs.'  exp.  in 
client/server  s/ware  devel.  using 
OOP  concepts  &  methodolo¬ 
gies.  Stated  exp.  must  incl.  1  yr. 
in  each  of  the  following:  creating 
interfaces,  reports,  stand-alone 
applications,  stored  procedures, 
&  extensions  for  Facets  integrat¬ 
ed  delivery  system;  &  exp.  with  5 
of  the  following:  Java,  C++, 
J2EE,  EC  Gateway,  Xml, 
Oracle,  SQL,  &  Sybase.  Consult 
with  healthcare  industry  clients 
to  analyze  &  define  application 
design  reqs.  &  review  expected 
design  performance  &  costs  to 
predict  overall  feasibility.  40 
hrs./wk.  Apply  with  resume  to: 
The  TriZetto  Group,  Inc.,  Attn: 
Human  Resources,  2801 
Gateway  Dr.,  Ste.  140,  Irving, 
TX  75063. 


Seek  Level  I  &  II  Computer 
Programmers/Software  Engr  w / 
strong  communication  skills  & 
any  of  following  skills:  VB/PB, 
SQL  &  any  database,  VB.Net, 
AS/400,  RPG/400,  COBOL/400, 
CL,  Visual  C++  or  C++,  NT 
Admin.,  JAVA/HTML/CGI,  PERL, 
Oracle/Sybase/SQL  Developers 
&  DBAs,  Lotus  notes,  Domino 
and  ERP  packages.  Level  I:  B.S. 
degree  and  2-3  years  exp.  Level 
II:  M.S.  or  B.S.  and  5  yrs.  exp. 
Experience  should  include  de¬ 
sign,  development,  testing  and 
implementation  of  commercial 
systems.  Assignments  may  be 
anywhere  in  the  U.S.  Travel 
required.  Forward  resumes  to 
Manager@MilestoneConsultinq. 

com.  8625  NW,  8  street,  Suite 
422,  Miami,  FL  33126. 


Software  Engineer  to  analysis, 
design,  develop,  test,  imple¬ 
ment  and  support  PeopleSoft's 
web  architecture  global  ERP 
Solutions;  as  a  technical  lead 
develop  solutions  throughout 
the  project’s  life-cycle  with 
hands  on  experience  in  SQRs, 
security,  LDAP,  Informix, 
Oracle,  and  PL/SQL.  Bachelor 
Degree  and  5  years  in  full- 
cycle  experience  for  HR,  PY, 
AP,  GL,  T&L,  PO,  Bl  and  SS. 
Send  Resume  to  Datum 
Software  Inc.  Attn:  HR,  6525 
The  Corners  Parkway,  Suite 
312,  Norcross,  GA  30092. 


Pinnacle  Talent,  Inc.  has  imme¬ 
diate,  full-time  opportunities  for: 
Software  Engineers.  To  re¬ 
search,  design,  and  develop 
computer  software  systems,  in 
conjunction  with  hardware  prod¬ 
uct  development,  applying  prin¬ 
ciples  and  techniques  of  com¬ 
puter  science,  engineering,  and 
mathematical  analysis,  formu¬ 
late  and  design  software  sys¬ 
tem,  will  use  a  variety  of  soft¬ 
ware  tools  including;  Power¬ 
Builder,  TPF,  Sybase,  Perl,  So¬ 
laris,  Java,  Corba.  Master's  de¬ 
gree  or  foreign  edu.  equiv.  of 
same  and  1  yr  exp.  required 
Systems  Analyst  to  analyze 
user  requirements,  procedures, 
and  problems  to  automate  pro¬ 
cessing  or  to  improve  existing 
computer  system:  review  com¬ 
puter  system  capabilities  study 
existing  information  processing 
systems,  develop  new  systems 
to  improve  production  will  use  a 
variety  of  software  tools  includ¬ 
ing;  SAP  R/3,  ABAP/4,  Apache, 
Java,  JDBC  Oracle,  PL/SQL, 
Servlets,  Rational  Rose.  Mas¬ 
ter's  degree  or  foreign  edu. 
equiv.  of  same  and  1  yr  exp. 
required 

Programmer  Analysts  to  plan, 
develop,  test,  and  document 
computer  programs,  applying 
knowledge  of  programming 
techniques  and  computer  sys¬ 
tems:  evaluate  user  request  for 
new  or  modified  program,  for¬ 
mulate  plan  outlining  steps 
required  to  develop  program, 
using  structured  analysis  and 
design.  Design  new  code/pro¬ 
gram  or  replace,  delete,  or  mod¬ 
ify  existing  code/program  to 
meet  client  needs,  will  use  a 
variety  of  software  tools  includ¬ 
ing;  SAP  R/3,  ABAP/4,  Cobol,  C, 
Fortran,  Visual  Basic,  Oracle. 
Pascal,  Solaris.  Bachelor's  de¬ 
gree  or  foreign  edu.  equiv.  of 
same  and  1  yr  exp.  required 
For  some  positions,  we  also 
accept  the  degree  equivalent  in 
edu.  and  exp.  Travel  and/or  relo¬ 
cation  required.  Send  confiden¬ 
tial  r6sum6,  salary  requirements 
and  position  applying  for  to: 
Pinnacle  Talent,  Inc.  Attn:  HR 
1919,  Midwest  Road,  Suite  210, 
Oakbrook  IL  60523. 


Software  Engineer.  Job  loca¬ 
tion:  Indianapolis,  IN.  Duties: 
Ana-lyze,  design  &  develop 
appls.,  customize  programs  & 
enhance  user  appeal  &  appl. 
utility  for  healthcare  cos.  using 
Cold  Fusion,  Dreamweaver, 
Java  &  Oracle.  Perform  appl. 
testing,  configuration,  system 
analysis  &  client  interaction. 
Also  resp.  for  prog,  using  XSL, 
CSS,  LDAP,  Oracle,  SQL 
Server  &  others.  Perform  full  life 
cycle  develop,  of  system. 
Requires:  B.S.  (or  foreign 
equiv.)  in  Comp.  Sci.,  Eng.  or 
related  field  &  3  yrs.  exp.  in  the 
job  offered  or  3  yrs.  exp.  as  a 
Prog/Analyst,  Analyst  or  Prog. 
Concurrent  exp.  must  incl:  3 
yrs.  exp.  designing  &  develop¬ 
ing  appls.  for  healthcare  cos. 
using  ColdFusion  &  Oracle. 
Mail  resume  (no  calls)  to: 
Wendell  Tankersley,  CTG,  Inc., 
5875  Castle  Creek  Pkwy., 
Indianapo-lis,  IN  46250-4328. 


Multiple  openings  for  software 
engineers  to  design,  develop 
and  test  computer  programs  for 
business  applications;  analyze 
software  requirements  to  deter¬ 
mine  feasibility  of  design;  direct 
software  system  testing  proce¬ 
dures  using  expertise  in  .NET, 
UML,  SQL  Server,  C#  and  XML. 
Requirements:  Bachelor's  De¬ 
gree  or  equivalent  in  Computer 
Science  or  related  field  and  two 
years  experience  as  a  software 
engineer  or  computer  program¬ 
mer,  knowledge  of  .NET,  UML, 
SQL  Server,  C#  and  XML. 
Salary:  $70, 242/year.  Working 
Conditions:  8:00  A.M.  to  5:00 
P.M.,  40  hours/week,  involves 
extensive  travel  and  frequent 
relocation.  Apply:  Fayette  Coun¬ 
ty  CareerLink,  Attn:  CareerLink 
Program  Supervisor,  135  Way- 
lan  Smith  Drive,  Uniontown,  PA 
15401,  Job  No.  WEB416010. 


Hexaware  Technologies,  Inc. 
has  immediate,  full-time  oppor¬ 
tunities  for: 

Software  Engineers.  To  res¬ 
earch,  design  and  develop  com¬ 
puter  software  systems,  in  con¬ 
junction  with  hardware  product 
development,  applying  princi¬ 
ples  and  techniques  of  computer 
science,  engineering  and  math¬ 
ematical  analysis,  formulate  and 
design  software  system,  will  use 
a  variety  of  software  tools  in¬ 
cluding;  PowerBuilder,  TPF,  Sy¬ 
base,  Perl,  Solaris,  Java,  Corba. 
Master’s  degree  or  foreign  edu. 
equiv.  of  same  and  1  yr  exp. 
required. 

Systems  Analyst  to  analyze 
user  requirements,  procedures 
and  problems  to  automate  pro¬ 
cessing  or  to  improve  existing 
computer  system:  review  com¬ 
puter  system  capabilities  study 
existing  information  processing 
systems,  develop  new  systems 
to  improve  production  will  use  a 
variety  of  software  tools  includ¬ 
ing;  Apache,  Java,  JDBC  Or¬ 
acle,  PL/SQL,  Servlets,  Rational 
Rose.  Bachelor’s  degree  or  for¬ 
eign  edu.  equiv.  of  same  and  1  yr 
exp.  required. 

Programmer  Analysts  to  plan, 
develop,  test  and  document 
computer  programs,  applying 
knowledge  of  programming 
techniques  and  computer  sys¬ 
tems:  evaluate  user  request  for 
new  or  modified  program,  for¬ 
mulate  plan  outlining  steps  re¬ 
quired  to  develop  program, 
using  structured  analysis  and 
design.  Design  new  code/pro¬ 
gram  or  replace,  delete,  or  mod¬ 
ify  existing  code/program  to 
meet  client  needs,  will  use  a 
variety  of  software  tools  includ¬ 
ing;  Cobol,  C,  Fortran,  Visual 
Basic,  Oracle,  Solaris.  Bachel¬ 
or's  degree  or  foreign  edu. 
equiv.  of  same  and  1  yr  exp. 
required. 

Technical  Sales  Managers  to 

direct/manage  sales  of  the  com¬ 
pany's  IT  consulting  services, 
interact  with  clients  to  determine 
technical  specifications  and  ov¬ 
ersee  initiation  and  development 
of  offshore  projects.  Master's 
degree  in  Business  Administra¬ 
tion  or  Management  plus  1  year 
of  experience  in  the  IT  industry. 
Experience  must  have  included 
business  development  initiatives 
and  off-shore  project  execuction 
in  the  fields  of  ERP  (SAP / 
PeopleSoft  Applications)  or  fin¬ 
ancial  services  or  insurance  ser¬ 
vices  or  transportation  industry. 

For  some  positions,  we  will  also 
accept  the  degree  equivalent  in 
edu.  and  exp.  Travel  and/or  relo¬ 
cation  required.  Send  confiden¬ 
tial  resume,  salary  requirements 
and  position  applying  for  to: 
Hexaware  Technologies,  Inc. 
Attn:  HR,  4343  Commerce 
Court,  Suite  618,  Lisle,  IL  60532. 


Intellysis  Technology  is  a  fast 
growing  Chicago  based  IT  con¬ 
sulting  group  with  clients  all  over 
the  USA  in  leading  edge  areas 
such  as  eCommerce,  ERP,  Au¬ 
tomated  Testing  and  Client  Ser¬ 
ver  MultiTier  Systems.  Intellysis 
is  looking  for  Programmer  An¬ 
alysts,  System  Analyst,  Comput¬ 
er  Programmers,  Software  De¬ 
velopers  and  Project  Managers 
with  experience  in  one  or  more 
of  the  following  skills: 

C++,  C,  VC++, 

Java/Java  Web  Server,  Java 
Script 

VB,  VB  Script,  ASP,  ActiveX, 
COM,  DCOM 

CGI,  Servlets,  CORBA,  Perl 
VJ++ 

HTML,  DHTML,  XML 
JAVA  APPLETS 
COLD  FUSION,  HTTP 
SEGUE/RADVIEW  TOOLS 
Large  Scale  System  Design/ 
Architecture  Testing  Experience 

All  jobs  require  a  minimum  of  a 
Bachelors  Degree  or  equivalent 
in  Computer  Science  or  related 
fields  +  lyr.  exp.  reqd.  depend¬ 
ing  on  position. 

Project  Managers  require  a 
Masters  in  Business  Administra¬ 
tion  or  its  equivalent.  Frequent 
travel  and/or  relocation.  If  you 
are  interested  in  our  company, 
please  mail,  fax  or  e-mail  your 
resume  including  reference 
number  CW0504  to:  INTEL- 
LISYS  TECHNOLOGY  LLC  , 
600  Enterprise  Dr,  Ste  208,  Oak 
Brook,  IL  60523;  fax  (630)  455- 
1333. 

e-mail :  recruit@  7hillsys. com 
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Bluetooth 


tool  called  Bluewatch  from 
AirDefense  Inc.  to  scan  every 
device  on  his  network  and  em¬ 
ployees’  mobile  phones  for  the 
presence  of  the  wireless  tech¬ 
nology.  Hawkins  will  then  de¬ 
cide  which  devices  should  be 
allowed  to  run  Bluetooth  and 
access  the  network  at  Leap¬ 
frog,  an  Atlanta-based  vendor 
of  managed  network  services. 

Cracks  in  Bluetooth’s  secu¬ 
rity  capabilities  first  came  to 
light  in  February,  when  re¬ 
searchers  in  the  U.K.  said  they 
had  developed  a  tool  that 
could  exploit  a  flaw  in  some 
phones  to  connect  to  other  de¬ 
vices  without  going  through 
the  normal  pairing  process. 
Once  the  connection  was  es¬ 
tablished,  the  tool  could 
download  data  such  as  ad¬ 
dress  books  and  personal  cal¬ 
endars  [QuickLink  44727]. 

Attack  Techniques 

The  Bluetooth  Special  Interest 
Group  (SIG),  a  trade  associa¬ 
tion  based  in  Overland  Park, 
Kan.,  today  plans  to  address 
the  technology’s  vulnerability 
to  the  “bluesnarfing”  attacks 
and  another  hacking  tech¬ 
nique  called  “bluejacking.” 

The  group  said  in  a  state¬ 
ment  that  Bluetooth  users 
need  to  “understand  the  reali¬ 
ties  of  the  situation  [and] 
know  how  to  protect  them¬ 
selves.”  Patches  are  available 
for  the  phones  that  are  at 
risk  of  being  attacked,  said  a 
spokesman  for  the  Bluetooth 
SIG.  He  added  that  the  group 
also  plans  to  detail  initiatives 
it  has  under  way  to  make  Blue¬ 
tooth  more  secure. 

The  spokesman  said  that 
only  a  relatively  small  number 
of  phones  from  Nokia  Corp. 
and  Sony  Ericsson  Mobile 
Communications  AB  are  sus¬ 
ceptible  to  bluesnarfing.  De¬ 
spite  the  current  concerns,  he 
claimed  that  Bluetooth  “is 
more  secure  than  any  other 
wireless  technology”  because 


of  the  short  transmission 
range  of  most  devices  and  its 
128-bit  encryption  capabilities. 
Neither  Nokia  nor  Sony  Erics¬ 
son  returned  calls. 

Bluetooth  security  con¬ 
cerns  will  likely  continue  to 
grow  as  devices  that  use  the 
technology  proliferate,  said 
Chris  Kozup,  an  analyst  at 
Meta  Group  Inc.  Kozup  said 
Bluetooth-equipped  mobile 
phones  can  be  a  particularly 
vexing  problem  for  IT  man¬ 
agers  because  many  are 
bought  by  individual  employ¬ 
ees,  making  them  harder  to 
manage  than  corporate  assets 
such  as  laptop  PCs. 

Bluejacking  involves  sending 


unsolicited  text  messages  to 
other  Bluetooth  users.  Karl 
Feilder,  president  and  CEO  of 
Red-M  Ltd.,  a  vendor  of  wire¬ 
less  security  tools  in  Bucks, 
England,  described  bluejack¬ 
ing  as  “an  annoyance”  that  can 
be  defeated  by  turning  off  the 
phone  function  on  devices, 
which  needs  to  be  on  to  allow 
the  exchange  of  such  messages. 

Few  IT  managers  are  even 
aware  of  Bluetooth’s  wide¬ 
spread  use,  Feilder  said. 
Worldwide  shipments  of  mo¬ 
bile  phones  and  other  devices 
that  use  the  technology  ex¬ 
ceeded  1  million  units  per 
week  last  year,  according  to 
the  Bluetooth  SIG.  He  estimat- 


Bluetooth  Threats 

Bluesnarfing:  Exploits  a  flaw  in 
some  phones  to  bypass  the  pair¬ 
ing  process  in  which  PINs  are 
exchanged  and  gain  access  to 
data  on  the  target  device. 

Bluejacking:  Uses  the  wireless 
connection  to  send  text  messages 
to  other  mobile  phones  without 
first  going  through  the  pairing 
process. 


ed  that  as  many  as  2  billion 
Bluetooth-equipped  devices 
could  be  in  use  by  next  year. 

Many  Bluetooth  products 
are  short-range  devices  that 
can  transmit  across  distances 


of  only  about  30  feet.  But  Jay 
Chaudhary,  chairman  of  Air- 
Defense  in  Alpharetta,  Ga., 
said  a  large  number  of  laptop 
PCs  include  longer-range 
Bluetooth  radios  that  can  work 
at  distances  of  up  to  300  feet. 
That  could  make  them  more 
vulnerable  to  attacks,  he  said. 

AirDefense’s  Bluewatch  de¬ 
tection  tool  costs  $295  for  use 
on  a  laptop  PC.  Red-M  also  of¬ 
fers  a  Bluetooth  detection  sys¬ 
tem  that’s  based  on  radio  fre¬ 
quency  sensors  deployed 
throughout  a  company’s  of¬ 
fices,  with  costs  for  an  instal¬ 
lation  running  between 
$50,000  and  $250,000,  accord¬ 
ing  to  Feilder.  ©  46757 
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E-voting 

voter-verifiable  paper  receipts, 
the  50  million  Americans  who 
will  use  electronic  voting  ma¬ 
chines  this  fall  will  have  no 
way  of  knowing  if  their  votes 
were  subject  to  electronic  tam¬ 
pering.  Moreover,  the  code 
base  powering  the  systems  is  so 
large  and  complex  that  there’s 
no  efficient  way  for  election 
officials  to  be  sure  that  it’s  free 
of  malicious  code  designed  to 
manipulate  election  results. 

Avi  Rubin,  a  professor  at  the 
Johns  Hopkins  University  In¬ 
formation  $ecurity  Institute  in 
Baltimore,  said  his  biggest 
concern  is  the  threat  of  indi¬ 
viduals  who  have  access  to  the 
code  base  rigging  the  election. 
“And  it’s  virtually  undetect¬ 
able,”  he  said. 

“The  trusted  computing 
base  is  approximately  50,000 
lines  of  computer  code  sitting 
on  top  of  tens  of  millions  of 
lines  of  [operating  system] 
code,”  Rubin  said.  “It  is  impos¬ 
sible  to  secure  such  a  large 
trusted-computing  base.” 

Rubin  recently  had  40  Ph.D. 
candidates  design  Trojan 
horse  programs  to  assess  the 
security  of  the  e-voting  sys¬ 
tems.  “I  was  astounded  to  see 
the  cleverness  and  ease  with 


which  the  malicious  code  was 
hidden  and  how  difficult  it 
was  to  find,”  he  told  the  com¬ 
mission.  “In  the  short  term, 
meaning  November  2004,  a 
voter-verifiable  paper  ballot  is 
necessary.  It’s  the  only  way  to 
get  around  all  of  the  security 
problems  in  the  machines” 
and,  if  necessary,  to  conduct 
meaningful  recounts. 

Identifying  Vulnerabilities 

Rubin,  who  has  come  under 
fire  from  IT  vendors  and  their 
Washington  lobbying  group, 
the  Information  Technology 
Association  of  America,  re¬ 
cently  worked  as  a  polling  of¬ 
ficial  to  observe  the  process 
firsthand. 

Although  Rubin  said  that 
the  experience  forced  him  to 
rethink  some  of  his  early  con¬ 
cerns  about  the  security  of  the 


Johns  Hopkins  professor  Avi  Rubin 
claims  there  are  significant  vulnerabili¬ 
ties  in  electronic  voting  systems. 


systems,  he  added  that  he 
came  away  with  new  concerns 
about  the  risk  of  manipulation 
and  fraud. 

“At  the  end  of  the  day,  the 
memory  cards  were  taken  out 
of  all  of  the  machines  and  put 
into  one  machine  . . .  and  then 
they  were  [transmitted  via 
modem]  to  back-end  servers,” 
said  Rubin.  He  also  noted  that 
the  polling  station  used  a  bro¬ 
ken  cipher  for  encryption  and 
a  key  that  was  hard-wired  to 
all  of  the  machines.  That  con¬ 
stituted  “a  single  point  of  vul¬ 
nerability,”  he  said. 

Ted  $elker,  a  professor  at 
MIT  and  a  former  IBM  fellow, 
said  there  are  ways  to  counter 
such  vulnerabilities.  But  en¬ 
cryption  would  be  too  difficult 
to  deploy  in  time  for  the  No¬ 
vember  vote,  he  said.  And  in 
some  cases,  registration  data¬ 
bases  remain  full  of  errors  —  a 
problem  that  led  to  the  loss  of 
between  1.5  million  and  3  mil¬ 
lion  votes  during  the  2000 
election,  $elker  said. 

The  IT  vendors  that  make 
the  systems  in  question  sought 
to  discredit  Rubin’s  research 
by  characterizing  it  as  labora¬ 
tory  work  that  has  little  rele¬ 
vance  to  a  real-world  voting 
environment.  $ome  also  com¬ 
plained  that  until  last  year, 
election  officials  were  more  in¬ 
terested  in  usability  improve¬ 


ments  than  in  better  security. 

“What’s  been  missing  from 
these  laboratory-originated 
critiques  has  been  the  real- 
world  experience  of  the  voting 
booth,”  said  Mark  Radke,  di¬ 
rector  of  marketing  at  McKin¬ 
ney,  Texas-based  Diebold 
Election  Systems,  which  made 
the  system  tested  by  Rubin 
and  his  students.  The  ques¬ 
tions  and  doubts  raised  are 
“theoretical  in  nature,”  he  said. 

Neil  McClure,  general  man¬ 
ager  of  Hart  InterCivic  Inc.  in 
Austin,  said  product  changes 
should  be  based  on  risk  assess¬ 
ments,  not  solely  on  the  exis¬ 
tence  of  vulnerabilities.  He  dis¬ 
counted  the  threat  of  electron¬ 
ic  tampering,  saying  it  would 
require  a  long-term  commit¬ 
ment  by  a  motivated  attacker. 

In  any  case,  both  the  IT 
vendors  and  the  researchers 
agreed  that  properly  securing 
the  existing  systems  will  also 
be  a  long-term  process. 

“For  2004,  we  have  the 
equipment  we  have,”  said 
$elker.  ©  46750 


CASTING  THEIR  VOTES 

The  ITAA  last  week  blasted  the  comments 
of  e-voting  security  critic  Avi  Rubin: 

QuickLink  46763 

See  Dan  Verton's  photojournal  covering  the 
election  commission  hearing  online: 

QuickLink  a4510 
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Sinister  Sasser 


Think  the  sasser  worm  is  trivial?  Think  just  be¬ 
cause  it  had  near-zero  impact  on  U.S.  businesses,  it’s 
not  something  you  need  to  worry  about?  Think  again. 
True,  Sasser  infections  numbered  only  in  the  dozens 
at  places  like  American  Express,  Citibank  and  Lehman 
Brothers,  and  the  worm  was  cleaned  up  quickly.  Even  in  Europe, 
where  banks,  a  stock  exchange  and  even  the  offices  of  the  European 
Commission  were  reportedly  hit,  Sasser  was  more  of  an  annoyance 
than  a  crisis  —  nothing  to  really  worry  about. 

Start  worrying.  Worm  writers  are  learning.  And  they  have  a  plan. 


Why  do  you  think  there  are  endless  versions 
of  new,  seemingly  ineffective  worms  like  Net- 
sky  and  Sasser?  They  don’t  do  much  besides 
spread  themselves.  So  why  30  versions  of  Net- 
sky  in  11  weeks?  Why  a  dozen  Welchia  worms  in 
three  months?  Think:  Why  would  you  churn 
out  lots  of  small  prototypes  very  quickly,  with 
only  slight  differences  among  them? 

That’s  right  —  to  test  them  with  users  and  get 
feedback,  to  find  out  which  features  of  each 
prototype  work  and  which  are  a  waste  of  time. 
We  do  it  with  a  pilot  group  of  users.  The  worm 
writers  are  doing  it  with  the  entire  Internet. 

These  prototype  worms  aren’t  supposed  to 
wreak  havoc.  They’re  just  supposed  to  spread. 
They’re  experiments,  prototypes  with  cycle  af¬ 
ter  cycle  of  tweaking  and  testing. 

Once,  the  individuals  who  wrote  malware 
just  took  their  best  shot.  Now  they  work  in 
teams,  developing  their  software  slowly  and 
carefully,  testing  one  element  at  a  time.  Those 
step-by-step  results  aren’t  very  dramatic.  But 
once  the  worm  writers  put  it  all  together,  their 
worms  will  be  a  lot  more  likely  to  work. 

Feeling  a  little  worried  yet? 

That  slow,  steady  approach  to 
worm  writing  has  other  results,  too. 

Worm  writers  now  know  that  the 
timing  of  a  worm  launch  matters. 

Sasser  hit  on  Friday  evening,  just  af¬ 
ter  the  security  experts  went  home 
for  what  was  a  three-day  weekend 
in  Europe  —  so  it  got  a  much  better 
head  start  than  if  it  had  been  re¬ 
leased  on  a  Thursday  afternoon. 

Worm  writers  have  also  accus¬ 
tomed  us  to  lots  of  worms  —  two  or 
three  new  variants  per  day  now  — 
and  high  infection  rates.  Five  years 
ago,  the  Chernobyl  virus  spread  to 


700,000  computers.  Everyone  was  astounded. 
Last  week,  Sasser  probably  topped  a  million, 
and  everyone  yawned.  As  worm  writers  are  get¬ 
ting  more  methodical,  effective  and  —  ultimate¬ 
ly  —  threatening,  we’re  paying  less  attention. 

So  what  is  their  plan?  What’s  all  this  meticu¬ 
lous  worm  development  leading  to? 

We  don’t  know.  But  we  can  guess.  The  goal 
might  just  be  a  giant  network  of  spam  relays. 

Or  it  could  be  something  much  worse. 

What  if  all  those  different  worms  are  turned 
into  empty  delivery  vehicles?  What  if  a  future 
generation  does  its  overnight  mass  infection, 
and  then  each  worm  phones  home  for  a  pay- 
load?  That  would  form  a  perfect  platform  for 
massive  denial-of-service  attacks.  Properly  de¬ 
signed,  the  worms  could  hide  their  target  until 
the  last  minute  —  because  they  won’t  contain 
the  attack  payload  until  the  last  minute. 

Worried  now?  Good. 

That  DoS  attack,  when  it  comes,  might  be 
aimed  squarely  at  you.  It  might  hit  a  key  suppli¬ 
er  or  service  provider.  It  might  just  suck  up  all 
the  bandwidth  in  your  vicinity.  You  need  to 
be  prepared  for  an  attack  —  or  for  collateral 
damage. 

If  you  don’t  already  have  a  DoS 
recovery  plan,  make  one  now.  Then 
test  it.  Refine  it.  Make  sure  your  IT 
shop  can  execute  it.  Prepare  for  a 
DoS  attack  like  you  would  for  a 
fire,  flood  or  any  other  disaster. 

Because  even  if  those  worms 
don’t  ultimately  pose  a  DoS  threat, 
you’re  no  worse  off.  You’re  ready  in 
case  someone  or  something  else 
slams  you  with  a  DoS  attack. 

But  if  the  worms  turn  on  you,  the 
last  thing  you’ll  think  they  are  is 
trivial.  ©  46707 
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Wrong,  Wrong,  Wrong! 

This  county  officeMoves  from  dumb  terminals  to  net¬ 
worked  PCs  so  swiftly  that  there  are  lots  of  equipment 
problems:  misadjusted  monitors,  keyboards  with  ca¬ 
bles  that  don’t  reach  -  you  get  the  idea.  It’s  no  big 
deal,  reports  a  pilot  fish  there,  and  employees  shift 
things  around  for  themselves.  Then  the  nontechie 
manager  hears  about  it.  "She  gathered  us  in  an  audi¬ 
torium  and  exhorted  us  to  call  the  help  desk  even  if  all 
we  needed  was  to  move  the  monitor  from  one  side  of 
a  desk  to  the  other,”  fish  says.  “Why?  Weil,  (Iviously, 
because  if  you  move  them,  they  could  explode!” 


ship  and  espe¬ 
cially  a  strong 
chain  of  com¬ 
mand.  So  sys¬ 
admin  pilot  fish 
is  puzzled  to  find  himself 
in  the  CIO’s  office  - 


SHARK 

TANK*, 


Flying  Blind 

Tech  pilot  fish 
gets  the  call 
when  the  payroll 
department’s 
printer  jams  halfway 
through  printing  payroll 
checks.  “When  I  ap¬ 
proached  the  printer,  the 
payroll  clerk  jumped  in 
front  of  me  and  told  me 
I  couldn’t  look  at  the 
checks,”  fish  says.  “I 
asked  her  how  I  was 
supposed  to  fix  the  jam  if 
I  couldn’t  get  near  the 
printer.  She  told  me  I 
would  have  to  keep  my 
eyes  closed.” 

That  Tiny  Web 

When  this  contractor 
pilot  fish  gets  hired  as 
a  regular  employee,  he 
finally  has  real  health 
insurance.  But  he  can’t 
find  the  list  of  doctors  on 
the  insurance  provider’s 
Web  site,  so  he  asks  the 
HR  director.  “Have  you 
looked  at  the  purple 
book  on  the  HR  table?” 
she  says.  No,  I  was  look¬ 
ing  online,  says  fish. 

“It’s  not  online,”  she 
tells  him.  “They  have  to 
print  it.  The  list  of  doc¬ 
tors  is  too  long,  and  it 
changes  too  often.” 

About  One  Link 
Short  of  a  Chain 

Bank’s  CIO  claims  he’s 
big  on  teamwork,  leader- 


without  his  IT  manager 
boss  -  hearing  the  CIO 
gripe  that  he  doesn’t 
know  what  fish  does  all 
day.  “I  start  to  enumer¬ 
ate  my  many  duties,” 
says  fish.  “But  he  cuts 
me  off,  saying,  ‘I  don’t 
want  to  know  what 
you’re  doing!’  ” 

Big  Bother 

New  wireless  network  at 
a  health  clinic  works  fine 
for  a  few  days.  Then  it 
stops  working,  and  a 
pilot  fish  is  sent  to  inves¬ 
tigate.  He  discovers  that 
the  wireless  access 
point  has  been  un¬ 
plugged.  Turns  out  one 
of  the  nurses  did  it. 
Nursing  supervisor  tells 
fish,  "The  nurses  asked 
me  why  you  set  up  a 
staff  monitoring  device 
in  their  area.  It  isn’t  any 
of  your  business  what 
they  were  doing,  so  they 
unplugged  it.”  Fish  ex¬ 
plains  what  the  wireless 
access  point  is  really  for, 
but  supervisor  is  still  un¬ 
moved:  “it  had  antennas 
on  it,  so  we  just  figured 
we  would  unplug  Big 
Brother.” 


©NEVER  MIND  BIG  BROTHER,  Sharky  is  watching: 

sharky@computerworld.com.  You  score  a  stylish 
Shark  shirt  if  I  tell  your  true  tale  of  IT  life.  And  check  out  the 
daily  feed,  browse  the  Sharkives  and  sign  up  for  Shark  Tank 
home  delivery  at  computerworld.com/sharky. 


your  SAN  is  under  threat 


Without  SAN  monitoring,  downtime  is 
stealing  from  your  business. 

Reduce  your  exposure  to  the  risks  associated  with  SAN  downtime.  Get  NetWisdom  and 
Xgig  Analyzer,  the  SAN  monitoring  and  analysis  tools  that  identify  catastrophic  events 
before  they  shut  your  network  down.  SAN  failure  occurs  after  an  accumulation  of  invis¬ 
ible  errors.  Finisar’s  NetWisdom  and  Xgig  Analyzer  proactively  identify  and  troubleshoot 
network  errors,  reducing  business  losses,  technology  costs,  and  customer  service  voids. 

Research  shows  that  SAN  downtime  can  cost  organizations  $100,000  per  minute,  or 
more.*  NetWisdom  and  Xgig  help  you  avoid  these  costs  by  conducting  accurate  perfor¬ 
mance  tuning  and  capacity  planning. 

When  data  stops  moving,  so  do  the  dollars.  Be  part  of  the  solution:  monitor  your  SAN  with 
Finisar  network  tools  and  stop  degradation,  CRC  errors  and  events  that  can  impact  your 
most  critical  business  data  and  transactions. 

View  our  web  seminar,  including  a  customer  case  study  and  demo  of  NetWisdom  by  visiting  ‘ 

www.finisar.com/risk 


Finisar 


Finisar  has  been  speeding  up  networks  and 
delivering  best-of-breed  products  and  testing 
solutions  since  1988.  Finisar  was  the  recipi¬ 
ent  of  the  2004  Frost  &  Sullivan  Award  for 
Market  Leadership  in  the  fibre  channel  test 
equipment  market.  NASDAQ:  FNSR. 


•Source:  Fabric  Computing:  Beyond  the  N-tier  Data  Center,  R8C  Capital  Reports  Oct  2003 
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the  Oracle  Platform 
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Application  Server  lOg 


Common  LDAP  directory 
Unified  security  model 
Common  administration 
Automated  space  management 


Engineered  to  work  together 


oracle.com/platform 
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